[Michael Kim]

I was definitely not gonna get the job but somehow I got it and I was like so curious and asked them like  “how Like why did you guys give me the job Like I don't think I didn't think I was gonna get the job." I felt like I wasn't good enough or I didn't have enough knowledge And the thing they told me is like "We could see you get better at every interview We could see you asking questions." And sometimes they take the questions they would ask similar questions and the next time the first time I was able to answer it but the next time I was actually able to answer it

[Kyser Clark]

Hi, I'm Kyser Clark, and welcome to The Hacker's Cache, the show that decrypts the secrets of offensive security one bite at a time. Every week, I invite you into the world of ethical hacking by interviewing leading offensive security practitioners.

If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Welcome to the show. Today, I have Michael Kim, who has about four and a half years of cybersecurity experience.

He started out as a cybersecurity analyst, moved into cybersecurity engineer, and finally landed a pentesting job. He's been a pentester for the past three years and is currently a senior offense security consultant. For education, Michael has a bachelor's in zoology.

For certifications, he has the CRTP, the CRTO, the GEAC Red Team Professional, the PMPT, the CH Master, the Conti Appentice Plus, and Security Plus. Michael, thank you so much for hopping on the show. Go ahead and walk to your background and introduce yourself to the audience.

Yeah.

[Michael Kim]

Thanks for the invitation, Kyser. It's nice to meet everybody. So, I currently work as a senior offensive security consultant, proactive services at Palo Alto.

Started as a test engineer at Booz. And then that was my first job at Booz Allen. And then from there on, was able to join the pentest team, working on cross-domain solutions.

From there, I was, next job was a pentester and just kept working in defense security. And before my current job, I was working as a Red Team Operator at Valiant. So, and I'm currently living in Virginia.

Happy to be a part of the podcast. I'm a huge fan of the podcast and listening and watching.

[Kyser Clark]

Yeah. Thanks for being on the show and thanks for supporting the show, my content. It does mean a lot for everybody who watches and listens to my content.

I do appreciate everyone's support. So, let's go ahead and dive into what you were doing before you got into cybersecurity. You got your bachelor's in zoology.

And that's one thing that you're trying to do. What was all the other things you're trying to do? And like, yeah, just go ahead and walk through the whole story of like, how you got into cybersecurity and all the things that you were doing that led you to this point.

[Michael Kim]

Okay. So, I went to college at University of Wisconsin-Madison for my bachelor's degree. I originally was trying to go for a physics and biology, like, I guess, double major.

But then I kind of struggled. A lot of things that the class I was taking really didn't fit with me. So, I kind of switched over to zoology, which was like, I love animals.

So, I was like, oh, this might be something that I'd be interested in. And I graduated with that. And after I graduated, I decided to, oh, yeah, I was interested in biophysics and biotechnology.

I think during that time when I graduated college, like, there was like a huge trend in, like, you know, biotechnology. And so, I was like, oh, let me get into this. I kind of worked as like, I would say, I joined a master's program in Korea.

I was doing, like, working in biophysics for a little bit. Did that. Was not happy.

And then I kind of quit. And I was, like, not doing anything. And I was like, oh, I love music.

Why not try music? Went into music. Started DJing.

Started producing. Did that for a couple years. Parents being Asian were not happy.

They were like, that's not a job. That's a hobby. And they're like, find a real job.

So, I was like, okay. I love animals. And I had a bachelor's in zoology.

Let me try to get into, maybe, veterinary school. And I was like, okay, let me start as a vet tech. Started working as a vet tech.

I loved animals. But working as a vet tech was one of the most difficult times in my life, I would say. It's not all, like, you know, sunshine and all that good stuff.

You have to see and deal with animals being sick. And it was one of the most depressing jobs that I ever had. Like, you know, I loved animals.

I loved seeing all, like, the new puppies and everything. But then having to see a lot of dogs being put down or, like, it was really bad. It was really weighing heavy on me.

So, then I was like, oh, I can't do this anymore. Switched over to, oh, let me go to pharmacy school. Let me become a farm tech.

Try to become a farm tech. I was like, that wasn't fun either. I was just, like, basically counting pills every day.

And I was like, I was just, like, there's, like, a pill counting type of, like, you know, I was like, I don't know how to explain it. Like, there's this thing where, like, you know, you have pills on and you just start, like, counting the pills, like, how many pills there are. There's, like, a light on it.

And it shows, like, how many pills that you put down. And then you, like, count 100 pills. You put them in the pill bottle.

And you, like, you know, put them and send them to, like, the pharmacist. And then they do whatever. And then I was working in a very, very unsafe neighborhood.

So, we were, like, robbed a couple times too. So, that was not a fun experience either. And then I was like, I can't do this anymore.

I tried to work in retail. Tried to work as a server. Tried to work as the restaurant manager.

And eventually went back to music. Did music again. And then I was visiting my family right before the pandemic in Korea.

And I was about to come back to the US. And that's when the first cases of, like, COVID were happening in the US. And my family was like, oh, you should stay until it gets better.

And I was like, I'll probably take a couple months. And it ended up taking a couple years. During that time, I was, like, stuck at home doing nothing, playing with my dog.

And I was like, there's nothing to do. And at that time, there's a huge cyber boom. Like, you know, there's a ton of boot camps popping up and everything.

And I was like, oh, yeah, you can get a six-figure job. Like, you know, you just need to, like, join, like, for a couple months. And it's 100% online.

You can be wherever you want. And you just need to pay this much. It's not a small amount.

But, like, you know, there's, like, multiple ways we can make this work. And I was like, oh, I'm not doing anything. Let me try this.

Tried it out. And never looked back. I met my best friends there.

And, like, they're all over the US working in different companies, different areas in cybersecurity. Majority of them are in offensive security. And, yeah, that's how I started.

And from there on, joined Booz. And, yeah, that's how and now I'm here. So, I'm super happy.

Glad that and I would say I'm very fortunate. I got to this point within three years. I will hit my three-year mark next month.

So, I would say been a very fast, chaotic journey. But, yeah, happy to be here. And now I am on your podcast.

[Kyser Clark]

Well, thanks for walking through your background. And before we go any further, we have to get into the Rav4r questions. Are you ready for the Rav4r round?

[Michael Kim]

Oh, yeah. I've been watching. I've been seeing these Rav4r questions.

I'm ready. I'm ready. I want to make sure I hit all these questions as fast as possible so I can get, like, the bonus question.

[Kyser Clark]

Yeah. So, for those who don't know, so, I've already went. So, I have a list of, like, 72 Rav4r questions and I'll go through all 72 and I'll recycle them.

So, in a random order every time. So, these questions have been asked before. So, if you've listened or watched every episode, then you've already heard these questions.

You just don't know which of the 72 you're going to get or, yeah, or what order you're going to get them in because it's random. But, yeah. All right.

So, for those who don't know, Michael will have 30 seconds to answer questions. If he answers all five questions in 30 seconds, he will get a bonus six question unrelated to cybersecurity. And those questions are never repeated.

Those are always fresh. And I'm pretty excited about this one if he can get the bonus question. So, Michael, let's go ahead and get started here.

Your time will start as soon as I stop asking the first question. Here we go. Michael, do you think cybersecurity industry is growing fast enough?

[Michael Kim]

I would say that it was, but I think right now it's going through a whole transition phase where it's about to explode again.

[Kyser Clark]

Have you ever participated in a bug buying program?

[Michael Kim]

I have not, but I know friends that have. So, I definitely want to do in the future. I don't think I'm good enough yet, but in the future maybe.

[Kyser Clark]

Does compliance equal security?

[Michael Kim]

That is a field that I'm not 100% like, you know, really professional in. So, I wouldn't say I know exactly, but I would say I kind of agree. Most challenging part of your job?

I would say waking up early as possible, trying to not hit the traffic.

[Kyser Clark]

What operating system is your everyday PC?

[Michael Kim]

It's Mac OS, but my favorite VM is always being Kali.

[Kyser Clark]

That was 42 seconds. So, you're just over the time limit. Oh, yeah.

You gotta go quick, man. I forgot to tell you not to provide any explanation. I just assumed you got it.

You said you were watching the show. You should have known better. Yeah.

[Michael Kim]

Okay.

[Kyser Clark]

That's all right, man.

[Michael Kim]

Next time. Next time.

[Kyser Clark]

You have, you have, you have, you made some good points and one of the, one of the things I want to expand upon was, do you think cybersecurity industry is growing fast enough? So, you said, you know, there was a huge cybersecurity boom and that's what made you kind of get in and then it seemed like it started slowing down, but now you say it's starting to speed back up. Do you have any more insights there or like why you think that or go ahead and just expand on that thought?

[Michael Kim]

Yeah, absolutely. I think like cybersecurity, you can't really just talk about cybersecurity by itself. I think you have to look at the bigger picture of IT and tech itself.

Cybersecurity is like a small part of that from my viewpoint, from my perspective. Like this is, this is all my opinion. So, if anybody out there, if they disagree, I totally understand.

If you want to discuss about it, we can always discuss about it. But from my opinion, like, you know, cybersecurity, I think it's only a small part. Like there's like, as you said, like there's like the compliance part, there's like the software engineer part, there's like the data part, like it's a whole part.

But I feel like everything, you can't really just talk about one part of cybersecurity, like this part of IT and tech. Everything kind of grows together. Like, you know, you can't have this one field grow by itself, that's too much.

For example, AI. AI, I think is one of the main reasons why I think an explosion is going to happen pretty soon. I think not only in cybersecurity, but also in the software engineering area too.

And as you know, there's like the huge meme going around called vibe coding, where like, I think, I think everybody does somewhat kind of does vibe coding a little bit. Because like we all kind of, because like AI has become so prominent these days, like not only in cybersecurity, but like, you know, in a lot of different fields in tech. And everybody utilizes it not only in tech, but like in their everyday lives too.

Like there are people who are not even in this field, who utilize like ask questions, they ask dumb questions, and they just like ask philosophical questions, like ask like random questions. So it's become where I feel like it's kind of like where, remember, I don't know, I'm kind of old. So I would say, I don't know how old you are.

But like, you know, I went through the phase of like the, the, what is it? Let's say like the iPhone phase, like the actual Galaxy phone phase, where used to be flip phones. And then we got an actual phone with a screen, we're actually computer.

And I feel like during that time, at first, it wasn't catching up as fast. But then in this, like, there was a huge boom. And I feel like AI is kind of like where it's starting to become an everyday thing.

And eventually, it's going to become so big, or become so prominent in our lives, like a cell phone. And it's going to become a huge boom. And as AI go up, goes up, compliance, and the morality of AI is going to go up, and different types of vulnerabilities are going to pop up.

And it's become so much easier for APTs to make or like, you know, I guess, find ways or like, it becomes script kiddies and script kiddies, like the word script kiddie is no longer going to become like, oh, maybe there's someone just using a random script, you're going to become actually, oh, I don't know what the script does. But I can use AI to make it really lethal type of situation. So I feel like it's going to eventually become, there's going to be a huge boom is the way I see it.

[Kyser Clark]

Yeah, I completely agree with you, especially the AI point. That's exactly what I was thinking of when I asked that question. Because I think AI does is going to cause some security vulnerabilities down the road that we just haven't seen yet.

And I think there's going to be some major cyber breaches coming down the pipeline, that are because of AI, because it's not exactly the most secure thing in the world. There's been plenty of research that shows that, you know, AI isn't the most secure thing. And we also have a lot of businesses.

And like you said, that's another point you mentioned, you said it's not, cybersecurity can't just grow by itself, it has to go with AI. And I think it's got to go with business. And as businesses incorporate this new technology, AI, they're just grabbing AI all willy nilly, and just putting in their products, and putting in their business, and not really understanding the repercussions of it, because most people don't really understand how cybersecurity works, and the risks and threats that are out there.

And I think some companies are going to get toasted here in the pipeline. And I think when we start seeing these cyber breaches in the news, the cybersecurity industry will start booming again. And like you said, I do agree with you like it like, I got a cybersecurity outset at that same time, like, when when that boom, and like you said, like a boot camps, like you can get a six figure job by doing two weeks of training.

You're like, that's, that's, you know, there's millions and millions of unfilled jobs. And it's like, man, that's, I'm going to be employed for life. Like I was doing this research for school.

And it's like, unemployment rate 0% for cybersecurity professionals. And everybody makes six figures. And then when I got in the military, and I realized that it was a lot harder to find a job than I thought.

And yeah, it was a cold reality check, which is one of the reasons why I make the content that I do because I seriously, I seriously thought coming out of the military with my total certifications and my six years of experience in cyber defense operations, I thought that I would have a line of employers just like waiting to just hire me and just pay me stupid amounts of money. And that just wasn't the case. I got two job offers.

And they were, you know, they were paying, paying well, but I ain't gonna lie, like the the pay was a little bit lower than I thought I was gonna get for my first job out of the military. So but I do see it turning around. So if you are trying to break in the field, and you are struggling, that's, I would say that's pretty normal right now.

But in the future, I think it's gonna blow up again. And I just it just goes in cycles. I mean, we did go through a down, a down economy, like we didn't technically go into a recession, I don't know, like a couple years ago or something like that.

So it definitely has a lot to do with the way the economy is. And it's cybersecurity, like you said, just can't grow on its own. Great discussion.

But let's go ahead and dive into our main topics here. So as you said, you watched the show and you had we had some guests talk about boot camps and pretty strong opinions about boot camps. And my opinions been out there.

I'm not a big fan of them. I've actually never done one because I just never saw it worth it. So you have a little bit of an opposing opinion.

So yeah, what do you think about boot camps?

[Michael Kim]

I think, at the same time, like, you know, it's, you got to be careful with anything, with any type of, like, you know, I guess, education, like not only boot camps, but also for schools to like, you know, you got to be careful where you join and where you get information and where you go to. But I think, like, depends on what you're looking for. For me, personally, like, I like the structure.

I like the structure. And I like the kind of goal. I like the guidance.

And like, you know, I know there's boot camps out there where like, they kind of scam you, they take your money, they don't really provide you. And like, I've talked to a lot of people who've been through that, like, you know, they're like, oh, and they have really negative opinions about boot camps. And I was like, I totally understand, like, you know, that's your opinion, that's your experience.

For me, personally, I would say it was one of the best decisions that I ever made. Because like, that's where I met my best friends. And I would say that luck definitely plays a big part in a lot of things that we do, like, you know, not only job hunting, but also like interviews, and like, you know, going to new jobs, like meeting new amazing coworkers, making amazing friends.

Luck plays a big part. And I think I was very, very lucky. But at the same time, like, as I said, like, I, when I hear people talk about like, you know, oh, yeah, boot camps are all scams and everything.

I have to disagree. I feel like there are probably is I think a lot of boot camps are that out there that are probably scams. But I think there are good boot camps out there that are actually trying to help.

And like, you know, any boot camp, any school, any type of education type of provider, they're trying to make money like that's, you can't hate them for trying to make money. Because like, that's how they pay their employees. And that's how they continue on trying to like in a continuum, I guess, working, making their boot camp work.

But for me, like, I went to Evolve Security Academy. And it was a good experience. I met amazing people there.

My team lead was amazing. I still talked to him. And he's like, yeah, he's a adversary, offensive security adversarial red teamer at Deloitte.

And I whenever I have like, some type of I need advice, I always call him, I just call him message him is like, you know, I need advice. I'm about to do this. What do you think?

And he's always been there for me. So and like the people that I used to like, you know, for the boot camp, we all keep in contact. There are definitely people that like, you know, kind of like fizzled off.

But the majority of people that I know from there, like we help each other, we talk to each other, we try to do boxes with each other. This is it's been a good time, a good experience. And like having that structure of where like, you know, we're gonna do this, we do that.

And then at the end, we're gonna do kind of like a phishing campaign where like, and that's kind of where, where we're actually working with a specific company where it's like, this company is allowing us to do a phishing campaign with them. And this, the boot camp kind of like has like a partnership with this company where they allow it, and they do like a free type of pen test. And for me, it was amazing experience.

It kind of showed me where like what I want to focus on. And I have to say, I was very heavily leading towards pen testing from the start, because everybody in my team lead was working already as a pen tester. So we were heavily everybody that was working in that group, we were heavily influenced by that.

So everybody's like, we all want to be offensive security engineers, we want to work in pen testing. So that's how I started. And I never looked back.

And I would say, I understand, as I said, there are a lot of boot camps out there. And there's probably a lot of scamming boot camps out there. At the same time, if you do your due diligence, and always ask Reddit, always ask your friends who've been going through that, and try it out, I feel like it is worth it.

And even if you don't have the money, there are a lot of different ways you can pay it off. And the unfortunate thing is a lot of boot camps can be kind of pricey. So I would say that's the downfalls.

And they might not have a really good environment for you to learn on. But my experience with the Vault Security Academy was really nice. They had a good environment to study and do everything on.

So I would say, if you want to try to go through a boot camp, if you need if you do better with structure and guidance, boot camps are definitely a good method and way to go, I would say.

[Kyser Clark]

That's a good point. That's a good opposing argument that I've never even thought about, like the networking aspect of it. Because for me, you know, I like that structured learning too.

That's why I have so many certifications, because certifications offer you semi structured environments, not as structured as a boot camp, but it's way more structured than, you know, just trying to figure it all out on your own. That's why I like certifications. But the thing with certifications is you're typically self-studying for them.

I mean, with the exception of the Ofsec certifications that I have, I don't really don't interact with like other classmates. But like with Ofsec, like there's a discord and you're interacting with people in there and you're, you know, learning from them and you're helping other people out. But yeah, for the most part, for certifications, like you're kind of on your own.

So that's a really interesting point you bring up about boot camps. And speaking of, you know, networking and building up your network. So you have over 13,000 followers on LinkedIn and you know a thing or two about building a network.

So in your opinion, like what, what is the secret to networking in this field? And more importantly, like how should people be networking? How should people be using LinkedIn?

[Michael Kim]

I think LinkedIn is one of the most underrated tools out there. I think like, I know a lot, I see a lot of people talk about how like, oh yeah, utilize LinkedIn. Like, no, that's how you can get jobs.

I can make connections, everything. But I think it is very underrated because like, it's one of the, for me, the way that I treated. So as you know, like I told you, my background was music and I worked on producing music and DJing.

In that field and music, self-promotion is very important. That's how you get gigs. That's how you can collab with different artists.

You got to put yourself out there. Like, you know, that's why I utilize like, you know, Instagram to post my music or like, you know, or SoundCloud to post my mixes or like, you know, just reach out to like clubs, reach out to people just to build that kind of like, you know, connection and network. And I just saw LinkedIn.

And I actually, the funny thing is the bootcamp taught me about LinkedIn. I didn't even know about LinkedIn back then. And they're like, oh yeah, so we have a section about LinkedIn and like how it's you, how you should utilize LinkedIn.

I saw it as like, oh, this kind of reminds me of like this regular, like social media that I use to self-promote myself. So it's like, okay, let me just do the same thing. Let me apply my mindset that I had on how I self-promoted myself and other social media streams and apply that to LinkedIn.

So I tried to learn how to utilize it to the best that I could and learning the different features, understanding how to promote myself on there. And like, I think it is a little overpriced. I would say it's expensive.

LinkedIn premium is, it's not cheap, but it is worth it. And especially like, you know, I think the thing about it is it's good. And showing, I think like having that gold badge next to your name on your profile, it looks shiny and it's about like, it kind of comes off as professional.

And that's one thing that you definitely want to work on. I think I'm making that I try to work on my, like, you know, like my specific LinkedIn profile, making it look as professional as possible, show what I'm doing, share as much as possible, what I'm doing, what I'm working on, what I did, and try to build that connection and like, you know, reach out to people if like, oh, like, I see someone have that certification that I got or getting a certification that I want, like, oh, like, oh, that's awesome. Congratulations. Like I asked him, like, can I get some like an advice on that?

Like, you know, how was it like, you know, just reaching out like that was like the best way to build like that connection network. And also, like having that, like, LinkedIn premium feature was also a good thing is like, where, you know, a lot of people kind of like, like to stalk people on LinkedIn. And you can change.

So if you don't have the premium, everybody knows that you stalk them. And if you stalk them multiple times, you can get kind of weirded out. I was like, why does person like, you know, come to my LinkedIn profile so many times in this past week, like, I see, they've come here like at least 10 times.

And like, and then that's the thing, like via checking and having coming off and like, you know, having that, putting off that certain type of vibe is very important. Because like, you know, you want to make sure that you don't come off as desperate. You want to come off as like, awkward or strange.

And if you visit someone's profile 10 times in a week, like, doesn't matter what you say, they're going to be like, strange danger. So having one of the one of the big things I liked about the premium feature, it was the fact that you can change your visibility to where, like, it's anonymous. So nobody knows that you visited because like, you'll just pop up as anonymous.

And after that, I put that on and I started stalking so many people and seeing what they did, what they worked on, what kind of certifications they had, where they're working at, and kind of envisioned like, and I would see people like, you know, working at places I would love to work at, I was like, and I looked at like their career progression, what they did, how they build profile, and who they're connecting with and everything. And I just kind of started trying to build a list of what I needed to focus on and try to build myself up.

It's all about learning from other people and building those networks. And once I kind of started to build myself up, then I started once I have kind of like a little bit of a professional vibe on my LinkedIn, that's when I started like, no, reaching out to people, because you don't want to reach out to people without like, I feel like having no banner, no picture, and nothing, no profile summary, and no job description, no certifications, you reach out, it's like, No, hey, like, you know, like, it's nice to me, I just want to like, you know, it's not like no, no more about you when you do reaching out like that kind of gives kind of like, I want to be very careful how I say this, because I know these days, you can get canceled if you say something wrong.

So I want to be very careful about like, it can come off not in a very good way, I would say. So building yourself up, making sure you come off in a certain way in a professional way. And it's a lot more easier to approach people, I think.

And also, I think when I first started, I like sent connection requests, like, like a madman. And another good thing about the premium feature is like, it definitely gives you a lot more freedom to not a lot more additional connection requests, you can send as many connection requests, there is a limit still, there's a limit where like, you're after certain amount, I think 100 150 or something that certain amount, they're like, oh, you're at your quota, you have to wait a week until you do that again.

So there's like those type of features. And also, another about another premium feature is the fact that you can send messages to like, there's sometimes you can send messages to people that have like certain type of filters on them, like there's people have filters where like, oh, they won't allow you to send messages unless you're connected to them. And there's a lot of like, recruiters are like that who set that field filter up.

But then, since I'm premium, I'm a premium feature member, I have like tokens that I can use where I can send specific messages to recruiters or people who have their filter up. So there's a lot of those. But like, I can go on and on about on about like LinkedIn features, like also like the fact that like I sent so many connection requests to people on specific companies that I want to work at, like people who work there, recruiters, hiring managers, CEOs, CTOs, CISOs, like, I was like a madman.

I'm very, very, I once I have a goal, I'm, I can become very, very like addicted to something like until I achieve a goal. So but I don't want to say too much. But like, I'll say I want to I want to try to stop myself because I can go on and on and on.

So that's the other try. I'll try to stop myself there.

[Kyser Clark]

Yeah, I could I could talk all day about networking myself, for sure. But you know, we're getting a little pressed for time here. So we got to move on to the next topic, which is you brought this vibe check thing.

So how important is the vibe check going into interviews? And why is that one of the most important skills to have?

[Michael Kim]

I think it's it is like not it's I think it's nearly as important as your technical skills. I think everybody in this field, not only in cybersecurity, not only it in any field, you've worked with people that you don't like, and you don't agree with. And no, it's like, it's like one thing where you can disagree.

And it's another thing where you can hate someone. And if you're in an environment where you're working with people that you do not like, it's very difficult to stay there a long time. And because like, you want to be in an environment where you're in a supportive, collaborative, happy to work environment, you don't want to work with people that like, you know, pay your guts and you hate their guts.

Because it's so toxic, you don't want to be in a toxic environment. And the vibe, that's why I feel like vibe checks are so important when you do interviews. Like, you know, there's like, you know, usually, like, if you do interviews, like, there's like, you know, maybe, let's say there's three interviews, there's like a technical, like, you know, like a technical interview, there's no technical interview.

And there's like a vibe check interview. People, I think a lot of people think that, oh, yeah, I just need to do a good job in the vibe check interview. I feel like all interviews are semi somewhat vibe checks.

Not all, even the technical interviews. Because like, if you're interviewing someone, and they're like, let's say you're, if you're interviewing someone, and they come off as standoffish, they come off as not humble, they come off as like, you know, having such a huge ego, and they come off as being snarky. Doesn't matter how smart they are.

I don't think anybody would want to hire that person. Because like, at the end of the day, you're going to be working with that person. And you want to at least enjoy working with that person.

At that point, I would rather hire someone who is less knowledge than person. And is actually a nice, decent human being that you can, because like, skill, I feel like skills, you can learn, as long as you put in the effort. And like, you know, you can go in a company, and they can give you like the certain type of like, you know, guideline of what you need to study everything, you can teach that you can teach human decency.

And like, you can't change a person's personality. That's like something that you've, I wouldn't say you weren't born born with, but that's more something that you like, you know, that's who you are as a person that you came to this point in your life. So that's why I feel like by checks are super important.

[Kyser Clark]

Yeah, I totally agree with you. I actually said that in one of my videos is like nine times out of 10, when you get declined for a job, it's especially one that you feel qualified for. It's not because you didn't have the skills is because you didn't pass the culture fit for that company.

My company was doing some interviews. And they said during one of our pentesting meetings, like, you know, we're doing some interviews, this guy was qualified, but wasn't a good culture fit. And but don't take it personally, though, either.

Because like, if you get declined because of a culture fit, that's actually doing you a favor, especially if you go in the interview, being your genuine self, you don't want to not fit in with the people you want to work with. So you don't want to put on this like fake face about trying to fit into the culture, you don't want to try to force yourself to fit in that culture just to get a job, you want to be your genuine self. And if you get a job being your genuine self, then you're going to enjoy that job so much more.

And I was thinking about this today, because I put in some memes in my team's chat. And you know, my teammates get a kick of my memes, at least a fair amount of the time they don't, not all of them hit. But you know, such is the life when you're a meme lord.

But uh, yeah, that's that's really good point to bring up. And I'm glad you mentioned that because a lot of people don't get that. Unfortunately, we are running out of time.

So we need to get to the final question, which is, do you have any additional cybersecurity hot takes or hidden wisdom you would like to share?

[Michael Kim]

Huh, I would say, interview, I can talk a little bit of interviews, my experience wise, I feel like this one, I think everybody probably knows, always be humble when you enter interview, always be humble, never act like you know stuff. Like, you know, always. And then also, utilize, always ask questions.

Like if you don't understand a question, always ask. And one thing that I feel like a lot of people don't do is after like, and let's say that you got a question, like a specific technical question, and you didn't know how to explain it. And at the end of the interview, they usually ask, do you have any questions for us?

I like to write down all the questions that I didn't know, or the questions that I kind of was more curious about. And I would like, you know, ask that, like, you know, I would ask them, like, if there's some time, could you please like talk about like, can you give me, explain to me what kind of answer would have worked for that specific question? Or can you give, can you go more into detail of what you talked about earlier on?

And I feel like that's always a good thing, because it shows that you're willing to learn. And also, I think one of the things I think one of the interviews that I did for a company, like, I thought I wasn't thinking, I was definitely not gonna get the job, but somehow I got it. And I was like, so curious.

And I said, like, how, how, like, why did you guys give me the job? Like, I don't think I didn't think I was gonna get the job. I felt like I wasn't good enough, or I didn't have enough knowledge.

And the thing they told me is like, we could see you get better at every interview, we could see you asking questions. And we would, sometimes the technical questions, they would ask similar questions. And the next time, the first time I was able to answer it, but the next time I was actually able to answer it.

And I have a lot, I have like a list, I have my own notes, I have a list of so many questions that I got from interviews that I didn't know, which I asked, or I kind of kind of like, you know, researched myself. So in the future, if somebody asked me the question, I would be ready. And I feel like that is a big thing.

Always ask questions, it's okay not to know, you can always learn. Like it's, this is like, this is a field where we never stop learning. If you, if you are learning something, or you're in this field, and you feel like, oh my god, when does it stop?

When do I have to stop learning? If you're in, if you have that type of mindset, you're in the wrong field, man. This is a field like where until the day you die, you're going to learn new stuff, new vulnerabilities are going to come up, new exploits are going to come up, new attack vectors are going to come up, new certifications are going to come up.

Like maybe in the future, we'll see, we'll probably see OSCP plus, plus, plus, plus, plus. I don't know. But like, it's like interview as much as possible.

Do not be afraid to interview. Do not be afraid to fail. Because every time you fail, you learn something.

And I think that's the biggest thing about interviews is always try to get something out of that interview. I would say that's my biggest take.

[Kyser Clark]

Great advice. Thank you so much for sharing your wisdom. Michael, thank you so much for being here.

Thanks for all the expert opinions and insights that you brought to us. Where can the audience get ahold of you if they want to connect with you?

[Michael Kim]

Oh, they can come to my LinkedIn. Just send me a connection request. Send me a message.

Like, you know, just like try to interact with me. Like, I'm always down to talk. And if you come off in a very, like, you know, if you come off in a very awkward and strange way, like, I will let you know.

Well, no, I'm just joking. But like I said, like, you know, it's everybody's different. Everybody has their own personality.

So like I said, like this, if you want to reach out to me, please just send me a message.

[Kyser Clark]

Yeah, make sure you have a profile picture and you're not stuck 10 times in one week. He said that in the episode. And if you miss it, you got to rewind and listen to that part.

All right, audience, thank you so much for watching. Thanks for listening. If you want to connect with me, the best place to reach me is also LinkedIn and my website, Kyserclark.com.

Hopefully I see you in the next episode. Until then, this is Kyser signing off.