The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
#58 Why Attention Is the Real Currency in Cybersecurity ft. Tadi
In this episode of The Hacker’s Cache, I sit down with penetration tester Tadi Kandango to unpack why attention is the real currency in cybersecurity. We talk about how he broke into pentesting without a degree, the role certifications actually play, and why sharing your work publicly can open more doors than quietly grinding in the background. Whether you’re trying to land your first role or level up your career, this conversation will challenge how you think about breaking into the field.
Subscribe to Tadi on YouTube: https://www.youtube.com/@tadii
Follow Tadi on LinkedIn: https://www.linkedin.com/in/tadi-kadango/
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
[Tadi]
You might be out there doing it, but if no one knows what you're doing, there's not much progress you can make, right? I could be doing every Hack The Box machine that comes out as soon as it comes out. I'm first blood for each one of them, but if no one knows that, who cares, really?
The biggest currency is attention. So if you aren't showing off your skills somehow, recruiters, all these things, you have this attention. Now, it's just up to you to prove that you can actually do what you say you're trying to do.
That's what I think is happening right now and where the market and the landscape is going in terms of just finding people. Another way you could break into the industry, personally, this is like exclusive. I don't tell this to anyone unless we're working together one-on-one.
You know what I'm saying?
[Kyser Clark]
Welcome to the Hacker's Cache, the show that decrypts the secrets of cybersecurity one byte at a time. I'm your host, Kyser Clark, and today I have Tadi Kandango, a penetration tester at GoSecure with over three years of professional experience. He has completed more than 100 security assessments across web applications, cloud environments, internal and external networks, and even physical security.
Tadi also holds certifications including OSCP, PNPT, and OSWE. In addition to client work, he shares his expertise publicly through his cybersecurity channel and newsletter, where he helps thousands of people learn about offensive security and emerging threats. So Tadi, thank you so much for joining me on the show.
Go ahead and introduce yourself and unpack your experience for the audience.
[Tadi]
Thanks for having me. Appreciate the invite. My name is Tadi, kind of like Kyser said.
I have been working on offensive security for over three years now. Initially, my focus was on application security, so most of my expertise is in web and cloud, but I've transitioned into more just a general pen testing role, where I do a bit of everything. There's a lot of variety, but the downside to that is that I have no focus right now, so I kind of just touch everything, get exposed to a lot of different technologies, but it is pretty interesting because then at some point I'll know exactly what I like, and that's the upside.
Apart from that, I'm originally from Zimbabwe, studied computer science for a bit, dropped out, studied cybersecurity for a bit, dropped out, and it seems like a cycle. I don't like school, mostly because I don't like learning things I don't like. I had a gardening class and I'm not much of a gardener, so that is why I have not finished my cybersecurity degree.
At some point, I will though, but yeah, that is me. I like cybersecurity. I like hacking.
I like teaching. I like sharing. The biggest thing for me with creating content is the fact that getting my cybersecurity job changed my life and my family's life, so helping someone else do that would be such a blessing to them and such a blessing to me just to witness that as well.
[Kyser Clark]
Yeah, I agree with you. That's why I make the content that I do because no one told me how to break in the field at all, and that's why I make the content I do to help people out. We share that same interest.
What you said about college was a little interesting. You said you dropped out a few times and you plan to go back, and I'm wondering why do you plan on going back? Is it because you just don't like leaving things unfinished, or do you think that the cybersecurity degree would actually help you elevate your career or maybe a combination of both?
[Tadi]
Not necessarily the former, more of the latter career-wise. I think right now, I'm just more hands-on keyboard, but at some point, maybe if I decide I want to be more managerial, that sort of direction, degrees are definitely needed for that sort of thing. I've had numerous conversations with people at higher levels, and they said you cannot get here without a degree, not because it helps technically or in terms of expertise, but just the fact that people want to see that credential next to your name.
Not having it would just be a deterrence, so that's mostly the reason. It's not because I think it's any sort of gold standard or anything.
[Kyser Clark]
Yeah, and that's one of the reasons why I got my degrees. I have a military background, so I actually didn't have to pay for my degrees, which is I wouldn't have went to school if I had to pay for them, I don't think, because there's plenty of people that broke in without their degree. I mean, you're one of them, but at the end of the day, what I tell people is if you can afford a degree and you have the time to do it, which you should have the time to do, you can make time to do it, so it's really if you can afford it, you should get your degree because a lot of employers are asking for it, and there are some employers that actually will ask you out of the lineup if you don't have one, unfortunately. It is possible to break in a field without a degree, like there's plenty of instances where there's a lot of proof of that, but it definitely opens up doors for you that some other, with certain companies.
[Tadi]
Yeah, for sure. I've seen instances where some people get hired preferentially because they have a degree in some places, but yeah, it's more just, you know, recruiters, HR people, executives, they still want to see it. They don't really care that, you know, you've hacked a thousand websites.
They don't know what that means. They just want to see the fact that you went to MIT and you graduated top of your class, that sort of thing.
[Kyser Clark]
Yeah, and I mean, I have two degrees, and fun fact of the day, I don't really tell anybody, but I'm working on a third one now, and I'm still not that big of a fan of college, man. Like, I've definitely learned way more in the real world, you know what I mean? I've learned way more in the real world, and that's a fact.
So, I never ever look down at people who don't have a degree, ever, because it, I mean, it helps a little bit, but honestly, not really, not as much as the school of hard knocks, man.
[Tadi]
Yeah, but kind of like you said, if you have the opportunity, if you can afford it, honestly, I'd say get it. The only reason I dropped out the first time was because I was moving countries, so I couldn't continue at that school. And then when I came to the U.S., it's expensive here, like ridiculously expensive, and my parents weren't gonna pay for my school at the age of 21. They were like, okay, you're kind of on your own at this point, and I wasn't gonna, you know, pay for it myself, so I was like, you know, I'll skip it. But if you have the opportunity, get it. It will help to some extent.
[Kyser Clark]
Yeah, so you don't have the college degree, but you still managed to break in the field, and I watched one of your, I think it's actually your latest video at the time of this recording, about how you broke into pen testing in eight months. So looking back, what was the single most decisive factor that separated you from others who studied just as hard, but didn't break into the field as quickly?
[Tadi]
I think the biggest thing was the fact that I made content. Lots of eyeballs came from the fact that I was making content, not necessarily portraying myself as some sort of authority, but more like this is the journey I'm on, this is what I'm learning, this is what I've learned so far, this is what I'm continuing to learn, and just making that sort of thing. I explain in that video how, at the end, I did the eJPT first, which was my first certification.
I got no interviews, no jobs from that, and then I did the PNPT, which was buzzing at the time. It had just come out, people comparing it to OSCP, saying it's better for learning, and it was cheaper. So I went for that one.
Still didn't get any interviews or jobs, but I was still making content, still posting. I think just compounding content at the time that I ended up getting the OSCP, which was also very expensive. I had to borrow money to do the OSCP.
When I posted about the fact that I passed the OSCP, so many people saw that post. I think it had like 300,000 impressions at its peak, which means 300,000 people on LinkedIn saw that post, and a lot of them were recruiters because I ended up getting messaged by recruiters, interviews for different roles, and ended up interviewing for... One of them was an application security engineer, which sounded interesting, but it was just basically penetration testing with a focus on web and cloud and some mobile.
I never really got into the mobile side of things. It just seemed like a whole different ballgame based on some of the exploits that don't necessarily cross into web, which web was something I was interested in. Because of that, I think it kind of just fast-tracked how many people saw my potential and what I was capable of.
I think that was the biggest differentiating factor.
[Kyser Clark]
I mean, that kind of aligns with mine. I don't think the content really helped me out much. I think what helped me out the most was posting on LinkedIn every single week about how I hacked the box machine.
I mean, week after week after week after week after week. I think that's what helped me the most.
[Tadi]
Were you just posting one of those when you hack the box and then you just share it? That's it?
[Kyser Clark]
It was that with a small paragraph of what I thought about the machine. Obviously, I couldn't go into detail about it because they were still active machines, so you can't give the solutions to active machines. But I would always write a small paragraph about what I thought about the machine.
I'd be like, oh, this one was pretty easy. This one was extremely hard. This one took me forever.
Whatever I thought. I would write about it, but in a generic way where I wouldn't give away the solution. I try to type as much as I can, which is very difficult to do when it's an active machine because, like I said, you can't give away solutions.
But doing that every week definitely helped me out for sure.
[Tadi]
That's interesting. People just underestimate the reach you can have with content. You don't have to be making the best content.
You don't have to have the best camera. You don't even need a camera. You can just go faceless if you want to.
But just having something where people can see that you have some sort of expertise, you have some sort of curiosity, you're doing something. You're not just sitting and crying about the fact that you want a job or whatever the case may be. But you're actually out there doing it.
You might be out there doing it. But if no one knows what you're doing, there's not much progress you can make. I could be doing every Hack The Box machine that comes out as soon as it comes out.
I'm first blood for each one of them. But if no one knows that, who cares, really?
[Kyser Clark]
Yeah, man, I agree 100 percent. And another thing that really helped me out was I have a lot of certifications that every time, like you said, when you got the OSCP, you had a lot of engagement and I had similar experience, not as much as you did. But it was my certification posts always got more interactions and more reactions and more impressions than any other post.
The certifications are like. People love them and people love them, and that's, I don't know what it is. What do you think it is?
[Tadi]
Good. What do you say? What do you think the reason is that people love the certification posts the most?
Because that's been my experience as well. Like when you post, oh, I passed the certification.
[Kyser Clark]
I think it's just because it's easy to do the clap emoji and say congratulations. I mean, I do that all the time on random people's posts. But the reason why I do it is because when I see someone get OSCP, I'm like, oh, that guy worked hard for that.
That guy worked hard for. I don't even know this person, but he deserves a congratulations and I'll do that. And then also on the flip side, when I see a certification that someone gets that I don't have, like, for example, OSCE3, it's like the peak of OffSec.
And I'm like, that guy worked extraordinarily hard for that and I need to pay my respects. So I think that's what it is.
[Tadi]
OK, fair enough. Yeah, I think that's what it could be, because honestly, I don't know why that post went that viral, but it just did. Thank God.
And the rest is history.
[Kyser Clark]
Nice. All right. Well, before we jump into our main discussion, let's go ahead and do security Madlib.
So for the new audience members, this is your first episode. Tadi will have 40 seconds to answer five questions. They are fill in the blank questions.
If he answers all five questions in 40 seconds, he'll get a bonus security. Sorry, not a security Madlib, which is a regular Madlib that's unrelated to cyber security. And his time will start as soon as I stop asking the first question.
[Tadi]
I think I got it.
[Kyser Clark]
All right, here we go. Tadi, the last time I used ChatGPT in a security task was to?
[Tadi]
Red Report.
[Kyser Clark]
A zero day is exciting, but blank is even more exciting.
[Tadi]
Refer show.
[Kyser Clark]
The worst misconfiguration I've ever seen was blank.
[Tadi]
Reused domain admin.
[Kyser Clark]
If I could improve one thing about InfoSec culture, it would be blank.
[Tadi]
Making content.
[Kyser Clark]
I knew I messed up when blank.
[Tadi]
I copied and pasted my entire ChatGPT prompts into my report.
[Kyser Clark]
It was 35 seconds. Good job. Congratulations.
You have earned the right to the bonus Madlib. So for the bonus Madlib, you can explain or as much as or as long as you want to. You can even dodge a question entirely.
OK, so here it is. If I can erase one trend forever, it would be not related to security. It can be, but you don't have to make it related.
It's supposed to be not related.
[Tadi]
OK, erase one trend. Dang, that is difficult. Fake natties, fake natties.
If you go to the gym, if you lift weights and you take performance enhancing drugs, you should be honest about it. Not tell people that you can achieve your physique naturally when you can't. I hate that.
[Kyser Clark]
That's a good answer, and I agree. Because there's people that look at you and like, wow, you know, maybe that's possible if I work hard, but it's like, no, it's not because you're cheating. Yeah.
Interesting, interesting response. When I put that question in today's episode, the first thing that comes to my mind is hating on successful people. I see it everywhere, bro.
I see so many people just hating on successful people. They get jealous because they're living a life that they wish they could live. I think it's a waste of time, and I think a lot of people, they spend too much time hating on successful people, and if they just use that energy to put it into themselves, then they could do something better with their life.
Another thing is if you hate on successful people, you're never going to be successful yourself. For me, I've always looked up to successful people. They pick anybody you look up to.
I've never hated on the most successful people in our field and even in other fields. We're talking like the Jeff Bezos and the Elon Musk and whoever, any top person out there that's household name. A lot of these people get hate, and you might not agree with them, but at the end of the day, I feel like you should at least respect them because you don't make it there unless you put in a certain amount of work.
That's just me. Some people, they just hate on successful people, but I feel like if you hate on successful people, you'll never be successful yourself.
[Tadi]
Has that been the case for you, at least with making content and stuff like that, people just saying, oh, you're doing it for views or for money or whatever the case?
[Kyser Clark]
No. That's actually one thing I tell people. I haven't really gotten a lot of haters.
The haters are going to come out now that I've said that, but the Cybersecurity community, the InfoSec community is pretty wholesome. Now, I did get that when I made gaming content. Fun fact of the day, I used to make gaming content.
I had a Twitch channel. I played video games every day. I made that channel to 10K followers.
I did get a lot of haters there. I was like, man, this is annoying. Then when I went to Cybersecurity content, I thought I was going to get some of the same stuff, but it was way less.
Don't get me wrong. There's been a few negative things, but it's been overwhelmingly positive. It just outshines the darkness, if you will.
[Tadi]
Yeah. Okay. That's pretty cool.
[Kyser Clark]
What about you? What do you think about that as a content creator yourself?
[Tadi]
I've gotten a few comments here and there, just general stuff, mostly based on one interview I did with my previous director. There's a claim he made, and people were not happy about it, about how much money he made in a specific timeframe, and people were just like, that's crap. It was mostly them attacking him, but it was on my channel.
I don't know. Other than that, people are kind of cool. I think they appreciate just the authenticity, how I don't just post that, oh, I passed the OSCP, and then don't show you all the six months I studied and went through hell, that sort of thing.
[Kyser Clark]
Nice. So I forgot to tell you this part, but with the security Mad Libs, we're going to dive into your most interesting response. This kind of ties into what I thought was your most interesting response.
So you said, so I asked, if you could improve one thing about InfoSec culture, it would be, and you say content creation. So what do you mean by that?
[Tadi]
I think just the fact that people don't necessarily like content, making content at least. There's a few creators here and there, but there's a lot of people in InfoSec, there could be more people making specific things. But at the same time, I kind of understand the position you may be in, in some cases.
For example, there's a lot of software engineering developer YouTubers that actually show the lifestyle, right? I kind of like watching that sort of content, the day in their lives, what you spend your day doing, what your day looks like, what your work tasks look like. We work in security, half that stuff is confidential.
So I get it, but I also think there could be more people putting some effort to go above and beyond to just the regular stuff. For example, when I first started watching Cybersecurity YouTube, which was a couple of years ago, maybe 2020, 2021, kind of like most people during lockdown, I looked up what a penetration tester does. And there were very few videos.
One of them was a PowerPoint presentation. And I was like, dang, there's a lot of software engineer videos that show exactly how their day is. And so at first I was kind of like, oh, people should do this more.
And then now I'm a penetration tester. I'm like, I can't show my screen half the time. So I kind of get it.
But I think there's ways to go about it. But just generally, people don't share as much. And people just aren't that open about creating content.
You're called an influencer just because you take videos. And is it bad? Is it a bad thing?
I don't know. I don't think so. It depends, I guess.
[Kyser Clark]
Yeah, that's interesting. And I mean, I don't really share much of my personal life with my content. I mean, maybe I should.
Comment if you think I should. But for me, I just feel like, man, my day to day doesn't look that exciting. Like, I mean, I wake up, I go to my computer, I answer some emails, I fire up my Kali Linux VM, and I start doing my pen test, which is more times than not less exciting than like a Hack The Box machine, in my opinion, because a Hack The Box machine is like, it's exciting to me because I know there's a vulnerability there.
And I'm like, trying to find it. Whereas like, in a pen test, like, it's like a needle in a haystack. And it gets discouraging sometimes.
And I mean, I went a long time before I found my first SQL injection, I thought something was wrong with me. And when I finally found my...
[Tadi]
Like on a pen test?
[Kyser Clark]
Yeah, yeah. So my first SQL injection that I found in a production application, it took a while. And I thought something was wrong with me.
I was like, man, like, is there something wrong with me? And it turns out there wasn't. It's just I was just going against very hardened applications, I suppose, because my methodology and all the web apps are been the same.
And then like, I applied the same thing and like, oh, I found SQL injection. So it can be discouraging in the real world. Because for me, I've said this in some other content, it's like, a lot of times I'm pen testing clients who's been pen tested for longer than I've been in the field, like eight years in a row.
You know, I mean, it's been hit pretty hard. And I mean, it's not impossible to find bugs, obviously, but it definitely gets harder the more times your clients have been pen tested.
[Tadi]
Yeah, that is true. I think that is the case. But I watch videos, like I said, where people wake up, they show themselves making coffee, they show themselves going to the desk, they show themselves typing at the desk, and then just talking about what they're doing.
I find that interesting. So I'm pretty sure people would find that sort of thing interesting as well, if you were to make videos.
[Kyser Clark]
I'm the opposite. I don't think I really find that interesting. Everyone has their preferences.
So maybe there will probably be someone that's interested in like, what coffee am I drinking? Like, what sports drink do I have on my desk right now? I don't even drink.
[Tadi]
They just want to know what coffee you drink if you're a penetration tester. Yeah, that sort of thing.
[Kyser Clark]
Yeah. Interesting. Well, comment down below, guys.
Let me know if you want that kind of content. Now I will consider it. Yeah, yeah, yeah.
Yeah. So if I can throw in a bone here with throwing something with that last thing. So the one thing I would change about InfoSec culture is so I got back from DEF CON.
Great time. Loved it. First DEF CON.
And I'm just scrolling down. I was like, Oh, what's people talking about DEF CON? That's what I want to know.
I want to see what people were saying. And someone made a post. And it was a picture of the crowd of like at DEF CON.
There's a lot of people there.
[Tadi]
Oh, yeah.
[Kyser Clark]
And basically, it was like, this is who you're competing against. There's this many people that are in this field. And like, just that that picture was only a fraction of like the people actually at DEF CON.
That was only one little section, like the whole convention was so people. And anyways, someone commented on it. And the comment bothered me.
And the comment was basically said that influencers and certifications ruin this field. And I'm like, Huh, that's why is that? But like, why is that a problem?
And I'm like, the reason why it bothered me is because, one, I feel like influencers is necessary, because without influencers, there would be less people that knew about security, in my opinion, like the general public, for one. And when more people know about security, there's more work that needs to be done, which means more jobs, more money for the people who are in it. And then the other one was certifications.
And I'm like, well, you know, certifications, I think that's been my number one thing to help me get in this field. If it wasn't for certifications, I would have no idea like how to break in. So same.
[Tadi]
I wouldn't know half the stuff I know.
[Kyser Clark]
Yeah. And it gave me certifications also gave me the confidence to like, come on here, do a show and like talk. And because it proves that I know a subset of the information, I suppose.
And for me, it gives me a lot of confidence because I had like for OSCP, for example, we keep bringing that one up because it's the most popular certification in our field. And a lot of people know it. But like with that one, it's like.
It's a hard challenge, right? And then if you do, I guess, like if you do 100 Hack The Box machines, like, you know, you can like look at the write-up and do 100 Hack The Box machines, but like there's no write-up for the OSCP exam, you know. So it proves that you, someone actually went through and that's why I like certs so much.
[Tadi]
Yeah, I love certifications. I think kind of like you, they gave me direction. If it weren't for certifications, I wouldn't know much about the field at all, especially on a like on a technical level, just the structure they provide and just the cost kind of like college we're talking about.
OSCP, though it was expensive, was the return is insane. It's 1600 bucks. And now I make a little bit more than that, than that, you know.
So the return is, you know, good in terms of the investment. And then the knowledge carries on. Sure, some of the stuff might not necessarily be realistic, but it does teach you things that will help.
Yeah, I don't, personally I don't understand the hate certifications get. If I like a certification, if I like the content, if I just find it interesting, it's something I want to learn, I'll buy it. I will take my money.
[Kyser Clark]
Nice. So before we linked up for the recording, you mentioned that you wanted to talk about how the landscape has shifted for entry level roles. So what is your opinion on the landscape, like how it was versus how it is now?
Is it a problem? Is it good?
[Tadi]
Um, problem? Good. I don't know.
I think that's for people to decide. But what I think is now happening, kind of like what you see with every other field, virality is, you know, the best currency, in a sense, like attention is the best currency, people say. And kind of like how college was being phased out by certifications.
It's kind of like certifications and college now aren't necessarily enough for people to land the first entry level role. And I think that's where making content comes in, again, making stuff that gives you eyeballs, but not just making random stuff. I see a lot of people start out by making a blog, and then they do Hack The Box write-ups.
Everyone does that. That's not going to make you, you know, top of the food chain. Sure, it's something you have a blog, but everyone else has a blog as well.
Everyone else is doing write ups. So just finding something unique that you like and making content about it. Right now, I have a whole document of research I want to do.
Right. But because of the nature of my job where this week, I'm doing an API pentest next week, I'm going to be doing a phishing campaign. Actually, no, my phishing campaign is in three weeks.
What am I doing next week? I have no idea. But just the nature of the fact that I'm switching between this and that, I just write things down that I want to do.
And eventually I will get to them. Right. And doing those things will get me eyeballs for sure, because I'm going to post about it.
So in your day to day, find problems that you have when you're doing a Hack The Box machine. Find one menial task that you always do. Right.
If it's spinning up this terminal or spinning up this application, automate it, post about the fact that you automated it. People will star your GitHub repo and they will use it because it's something they can put in their repertoire and arsenal. So that's the type of thing I mean.
I'm not necessarily saying go on YouTube and rant in front of a camera. I'm just saying build something and build in public. Kind of like the guys that were, I'm not sure if you know about Cluely or the guys that cheated from Columbia.
The guys that made the application that's on screen where you can cheat on like interviews, technical interviews. Like he's a software engineer. He was a software engineering student.
I think computer science student. My English is kind of terrible right now. He was a computer science student and he noticed that the technical interviews for software engineering are you do LeetCode and then you do the interview and then you pass.
So you're kind of just regurgitating 600 LeetCode questions and problems, but you're not actually learning or doing anything. And then it's so different from the job when you actually start. So he built an app where it's just an overlay on your screens AI and whilst you're doing your interview it will give you the answers because it can use your microphone to record.
So it's recording the input, translating it, transcribing it, and then it just gives you the answers for your interview question. So he was able to get interviews from Amazon, Meta I think, all these big companies and then he posted about it. So because he cheated technically, he got kicked out of Columbia and then Amazon rescinded his offer.
All these other big companies rescinded his offer, but he did that publicly. He built his application publicly. He posted about it.
He didn't go viral immediately, but eventually the internet caught on and now he just bought a billboard that cost one point something million to advertise his new startup. So he's got investors, he's got people backing him, but that's because he built in public and that's just kind of what it is these days. The biggest currency is attention.
So if you aren't necessarily showing off your skills somehow, like I said, people hate the camera and I'm not saying go in front of a camera, I'm just saying build in public. If you have a tool that you've built that you use yourself, post about it. We want to know what it is.
If I like it, I'm probably going to use it as well, kind of like Kyser as well. If you build something that he likes, he's going to use it when he's pen testing and he might just talk about it on his channel. Now people know it's you and then recruiters, all these things, you have this attention.
Now it's just up to you to prove that you can actually do what you say you're trying to do. And that's what I think is happening right now and where the market and the landscape is going in terms of just finding people. That and just you make friends and you network.
I've gotten my job right now because I made content. The first job I got was because I was making content. The second job I got now is just a general penetration tester, if I can call it that, is because I made friends while I was making content and those friends referred me to places and that cycle can keep going, whatever the case may be.
But there's just a lot of benefits to building in public. I think I'll stop this rant here for now if you have any questions.
[Kyser Clark]
No, I just I agree with you, man, that attention. So I follow Gary V. I don't know if you do as well, but he says attention is the number one asset.
And when I got in, when I heard that, it changed me totally. And I that's when I started making content and that's you make content is a power play because a lot of people aren't doing it. I mean, there are a lot of content creators, but it's still a small fraction of the population that if you do it, then you are you are sticking out.
And it's very difficult to do on a consistent basis and at a high quality. And when you do it, it makes you stick out. And it definitely helps.
So and like you say, you know, getting in front of the camera isn't for everybody and maybe maybe not even get in the microphone. But like you said, building public and there are well-known people out there, like, for example, there's like books that I will read that I don't even I didn't know what the author looked like. And I just know their name because I read the book, you know, I had no idea what they looked like.
I didn't know what they sounded like. And well, let me just say who it was. It was Mishaal Khan.
He wrote the Phantom CISO book. And I love that book. And one of the things he said in that book, it was actually I put this in my notes because one of the best lines in that book was like.
If you don't have an opinion, then you're a sheep blindly following the herd, and that's what made me really go into the content, because it made me like have my opinions and not be ashamed of my opinions and kind of be bored with my with my. With my words and my content, if you will. And anyways, moral stories, I didn't know what he looked like.
I followed him on LinkedIn and he's he's an expert. So he doesn't really show he doesn't show his face in his in his online at all and met him at DEF CON. And I had no idea it was someone pointed him out to me.
And yeah, so I just knew his name and I like this work just for his name. And then I finally met him in person. It was a great time.
But that's a that's a prime example of someone doing work and you don't know what they look like. You don't know what they sound like. They but you just see him post on LinkedIn and you see him read a book, you know?
[Tadi]
Yeah. I think just to piggyback off what you said, like you don't know some of these people, but you use their stuff. There are so many times during a pen test that I need a very specific niche tool and I just Google it and it's there on GitHub.
I'm like, there's no way someone wrote this. It's like so many lines of code. This is before AI, by the way, and they just built it and posted it.
And I need this right now. Thank you so much. You know, and I know a bunch of names of like people on GitHub, but I've never seen them in person.
It's like insane. Insane.
[Kyser Clark]
Yeah. And like when I'm Googling exploits, there are you see like you see people regularly who write tools. You're like, Oh, this is a tool creator.
I'm like, Oh, I've seen him. He wrote this tool earlier. And like, you'll see, you'll see people multiple times.
And, and like, I never, I don't know what they look like, don't know what they sound like, but I know their name and I know what tool they wrote. And that's you know, just another example of that. So yeah, man, just, just agree with you on what you had to piggyback on there.
So it's perfect. All right. So unfortunately we're running out of time.
So Tadi, let's go ahead and get into our final question. This one, everyone gets. So do you have any final hot takes or hidden wisdom you'd like to share with the audience?
[Tadi]
Hot takes, hidden wisdom. I think another way you could break into the industry, personally, this is like exclusive. I don't tell this to anyone, unless we're working together one-on-one, you know what I'm saying?
Find a penetration tester, ask them if they have something they want automated, right. Or a tool they need built. I have a bunch of them.
You can message me and I'll tell you what they are and then do it for them. Give them the link to your GitHub and then that's it. That's it.
You know, you've helped someone with a task. They'll remember it and they'll probably tag you in a post even without you asking or something like that, right. That's just another way to get eyeballs to you and your work and your capabilities.
Instead of just relying on the traditional, oh, I have a degree. I'd spent four years, so I deserve a job, you know, that sort of thing. But yeah, that's what I think.
Apart from that, just keep grinding. Keep watching YouTube because I'm on YouTube. Subscribe to the channel.
Subscribe to Kyser. Yeah, that's it. I don't really know what to say when people just tell me to go off.
To be honest, I need questions.
[Kyser Clark]
That's fair. Yeah, I like to leave it open-ended at the end because, you know, sometimes we didn't cover everything you want to talk about and the time goes by so fast. Yeah, I can't believe it's already been over 36 minutes now.
So, I'm not going to add any wisdom to that because I've been getting pretty bad at rambling on after I asked for the final wisdom. So, the final wisdom is the final wisdom, guys. So, Tadi, thank you for that final wisdom.
I think that's a very valid point you make there. So, Tadi, where can the audience connect with you? You already mentioned your YouTube, but where else are you on if the audience wants to connect with you?
[Tadi]
I am mostly on LinkedIn and I am in the Cyborgs Discord. I don't have a Discord myself right now. I'm pretty terrible managing Discord.
So, you find me in the Cyborgs Discord and on LinkedIn and YouTube. That's kind of it.
[Kyser Clark]
Sweet. Thanks for being here, man. It was a pleasure.
And audience, best place to reach me, drop a comment and ask your questions.
[Tadi]
Appreciate it. Thank you for having me.
[Kyser Clark]
Audience, hopefully I'll see you in the next episode. Until then, this is Kyser and Tadi signing out. Cheers.