[Kyser Clark]

Welcome to the Hacker's Cache, the show that decrypts the secrets of cybersecurity one byte at a time. I'm your host, Kyser Clark, and today I have Kyle Hoehn, who is a seasoned penetration tester with certifications from CREST, Ofsec, I&E, and TCM Security, including OSCP, PNPT, ECPPT, EWPT, and CRT. With over a decade of experience ranging from IT infrastructure and security engineering to full-time offensive security, Kyle brings a well-rounded perspective on both defense and offense.

His passion lies in helping organizations strengthen their security posture and educating others on practical approaches to real-world testing. So, Kyle, thank you so much for hopping on the show. Go ahead and introduce yourself and walk to your background for the audience.

[Kyle Hoehn]

Yeah, thank you for having me. I appreciate it. So, again, my name is Kyle Hoehn.

I do have a lot of letters from certifications. It is kind of a passion of mine. I've been into hacking since I was about 13 years old.

Started in IT and did that for about 14 years until probably the last five where I've actually pursued cybersecurity as an actual profession.

[Kyser Clark]

Nice. Starting hacking at 13. So, how did that happen?

What made you get into it? What introduced you to the hacker culture at such a young age?

[Kyle Hoehn]

To be honest, I was on dial-up out in the middle of nowhere where I grew up. I was in a lot of Yahoo and MSN chat rooms and kind of started stumbling across the Yahoo and MSN booter applications where you could actually, if you were in a chat room, basically DOS someone out of the chat room.

[Kyser Clark]

Yeah. And then did it happen to you? And you're like, how did this happen?

And your curiosity kind of took over from that point?

[Kyle Hoehn]

Yeah, a little bit. It had happened to me a couple times. And later on, I found out what they were using and then started to proceed to be an angsty 13-year-old in those chat rooms and start kicking out people that had opposing opinions or were not stroking my ego very well.

[Kyser Clark]

So, transitioning from your teenage years to your adult life, at what point in time did you realize that IT and security could be a career for you?

[Kyle Hoehn]

Honestly, it was probably when I was about 15. I started going to a local community college while I was in high school, taking Cisco networking classes and things like that. And especially since I had kind of that experience with computers, it just stuck with me that this is what I want to do.

I want to go into some form of IT, whether it's just IT or if I could make a career out of doing unethical things in an ethical way, I would much rather go that route. So, it's always kind of been there. To be honest, everybody back in the day is giving your computer aids with line wire and things like that.

That's kind of where I learned about reformatting machines and stuff like that. So, I learned that real fast when I was in that 13, 14-year-old range, downloading things that I should not have been downloading. Nice.

[Kyser Clark]

Hearing stories like that, I always get a little envious because I was learning those line wires when I was a kid. I would download all kinds of weird stuff too and infect the family computer and all that stuff. But I didn't know you could do it as a profession.

I didn't realize you could do it in a profession until I was, I think, 22 years old because I come from a blue collar background. I thought that was the only professions I can get into. And then I was like, oh, you can get paid to work in tech.

And then I was like, how do I get into tech? And I was like, go to college. I thought that was the only way.

And I was like, but I don't like college. And then I was like, but I can do this in the military. I was like, I don't want to pay for college.

How can I get training? And I was like, and that's why I'm going to go to the military and IT. It was a very good path because I wouldn't change it for anything.

Part of me does wish, I was like, man, I wish I would have started a little earlier because I was 24 years old when I started my cybersecurity career. And I was like, man, if I would've got started earlier, I would be a lot further ahead because, I mean, there's just like a million things I want to know that I don't know. And I feel like I got a late start, you know?

[Kyle Hoehn]

Oh yeah. No, it's that's like with me, I initially was going into it under the pretense of, you know, I'm going to be a systems administrator. Like that's, that was my goal is getting high up on that because at the time systems administrators were making a lot of money.

And that was kind of my, you know, route there. And I actually had a kid at 19 right out of high school. So I pretty much had to jump into tech pretty much immediately out of high school to support my family.

But it was kind of similar to you about like 2022 was where I started to realize like, Oh, like they actually are hiring ethical hackers, like to, to actually do these things. Like that's, that's really what I want to pursue.

[Kyser Clark]

Nice. Yeah. Just one clarification or so I went in at 24 as this is, I mean, I didn't know you can get paid to hack until I was in the field for like almost a year or so.

Like after I got done with my training and I went through my first base, I was like, Oh, you can get paid to be a hacker. And I was like, man, it seems kind of hard. I was like, I don't think I got it in me to like put in that much time.

And I was like, ah, screw it. Let's do it anyways. And then here I am.

It does take a long time and it is a lot of work and a lot of effort, a lot of hours. And honestly, it was a little harder than I thought, but it was still worth it. I wouldn't change it for anything.

[Kyle Hoehn]

And I mean, honestly, going, going off on this subject some more as in, in my opinion, to be a good hacker you, you should have some of that experience in the systems administration side. You know, I mean, yes, you can possibly get in there without it, but you should have at least a foundational knowledge of, you know, active directory and things like that, to, to actually be able to do some of the stuff and circumvent some of the things in, in the way that you would normally see them set up in an environment.

[Kyser Clark]

Yeah, totally agree. I, and I actually talked about this in a previous episode, what it's titled, why you can't find a job after you pass OCP. And I brought up the point that a lot of people are trying to go straight into cybersecurity.

They're trying to skip over the desk, trying to skip over the sysadmin. And that's why a lot of employers are overlooking you is because they do value that experience. And the reason why they value that experience is because a lot of hiring managers, that's the route they took.

And people are like, oh, it's a gatekeeping. Why is it gotta be hard? Because it was hard for them.

It's gotta be hard for me. And it's like, well, not necessarily. It's because they expect you to know a lot of things.

Like it's a high paying job for a reason. And that's, that's my argument. It's like, you got to know a lot of things if you expect to be productive and be finding vulnerabilities.

[Kyle Hoehn]

Yeah, agreed, especially on the red team side. On the blue team side, I would say that's probably a little less so. But on the red team side, you almost definitely have to have some kind of experience like that.

[Kyser Clark]

Yeah, I can see that. I agree with that with the blue team. Like I can see like going straight into like a soccer analyst, like a junior soccer analyst role.

[Kyle Hoehn]

Yeah, you're just looking at event logs, which I mean, you know, yeah, sysadmin would be nice to have because you know what you're looking for in the event logs and things like that. But it's, it's less technical. In that sense, you know, you're not having to dive into networks and start, you know, kind of spidering your way out from there.

You're already in there. It's just a matter of looking at what you have.

[Kyser Clark]

So you said you had a lot of acronyms and a lot of letters after your name. And a lot of people are wondering, like, how do you determine which certifications to pursue? I made a video about this not too long ago.

But I would like to hear your perspective.

[Kyle Hoehn]

So with red team, and you know, the kind of the red and offensive side of things, there are so many certifications. And you can get you know, anything in cloud, network, web app, mobile testing, things like that. It's, it's honestly, what I've been passionate about that has driven, you know, kind of the direction that I want to go with my career there.

And for me, personally, I really like internal network testing, as well as you know, red teaming and a little bit of malware.

[Kyser Clark]

Nice. And do you do any web app testing at all?

[Kyle Hoehn]

I do do some web app testing. And I do have a couple certifications in web app. But it's, I really hate web app.

I'm gonna be blunt about that. I really hate web app. It's just there's so many different technologies that you have to get familiar with.

And it's it's not straightforward, like network pen testing is.

[Kyser Clark]

Yeah, I would say, because I do networks and web apps, I do both. And I would say networks are more routine. Every network is unique.

But they all have, like TCP, I was similar layout. IP works the same way no matter what. So it's in the protocols and the the things that are on a network are generally the same from organization organization.

But in a web app, like two web apps serve two completely different purposes and has a completely different frameworks. And there's tons of web app frameworks out there. So I can definitely see that.

The reason why I asked that question was because I recently made a video like a web app pen tester roadmap. And one of the claims I made was that there's more web app work than network pen testing work. Do would you agree with that?

Or disagree with that? And do you think that web app, like not knowing it hinders your ability to like break in or level up in the field?

[Kyle Hoehn]

I would say that you should have at least a foundational knowledge of web app. And, and even just getting like some low level web app certification definitely would help. But as far as network pen testing and red taming are concerned, yeah, it's not a hard like you've got a no web app inside and out type thing.

It's, it's great to have that foundational knowledge. And you will see it on some of some of the certifications, you know, as far as getting like a foothold and things like that are concerned. But it's generally going to be at that foundational level.

It's not going to be, you know, anything like, you know, the, the EWPTX or something like that, where there's these insane cHoehns that you have to come up with to get an exploit.

[Kyser Clark]

Interesting perspective. Thanks for unpacking that. We're going to take a small pause in the conversation.

And we're going to go into the security Madlibs. But before we go, I got to make sure you're ready. So are you ready for the security Madlibs Kyle?

[Kyle Hoehn]

Yes, sir.

[Kyser Clark]

All right. For those who don't know, for those who are new to the show, Kyle, I have 40 seconds to answer five phone blank questions. If he answers all five phone blank questions in 40 seconds or less, he'll get a bonus six question unrelated to cybersecurity.

His time is going to start as soon as I stop asking the first question. All right, here we go.

[Kyle Hoehn]

Kyle, the most dramatic thing I've seen on a blue team is I have seen a blue team fight with each other internally on an email going back and forth with me from the red team perspective.

[Kyser Clark]

If you hadn't renamed penetration testing, you'd call it probably can't say it on on video.

[Kyle Hoehn]

Good enough. The worst CV name is this is a rough one. Probably dirty cow.

[Kyser Clark]

The one feature Kyle Linux is missing.

[Kyle Hoehn]

Is honestly more built in tools.

[Kyser Clark]

All right. That was about 57 seconds. So not 40.

That's okay. It's a challenge. It's it's hard on purpose.

I intentionally make it hard. So don't feel bad. But yet, I agree with you there on that last point.

There is so many tools in Kyle Lennox that I that aren't there that I have to manually install every time I get a new VM. I have to install tools. And it's a little annoying.

And it's like, man, why are these tools not in college? I use them on every pen test, you know, or every certification exam, or like, am I training routinely, etc, etc.

[Kyle Hoehn]

Yeah, that's why I ended up writing myself a provisioning script for VMs, just because I'm constantly making new VMs. And so I just run it and it installs everything. And then the other few apps that it doesn't install with Kali Linux, everything to get those in there. So now, now, here's a question for you.

Why Kali and not parrot?

[Kyser Clark]

That's a good question. Kali Linux is my favorite. And I would say it's probably it's I don't want to say it's probably it most likely is and probably it is it's the most popular hacking distro.

And that's the one I use. It's my favorite. So if you have a preference, I mean, it is what it is.

But is that what you use to use for? Yeah.

[Kyle Hoehn]

No, I use Kali as well. It's just it's because I know how to get the tools that I want in in Kali just by running the Kali Linux, everything and I don't know what parrot even has that same functionality.

[Kyser Clark]

It's might be a bad mentality. But like, I'm a kind of on the if it's not broke, don't fix it kind of guy. You know what I mean?

Like, I've never been like, man, screw you, Kali Linux. Like, why you be like this? And then I don't like to experiment for the sake of experimenting.

Because which hinders my abilities to accomplish certain tasks, because I don't allow myself to play in a sandbox. I am a task oriented person. So if like I said, if there's no reason for me to switch, I don't switch.

But there's another reason why as well, because one time, I was doing a hack the box machine, and they have their built in attack box. And that's, that's Parrot OS. It's like a, yeah, they're partnered with Parrot OS.

And it didn't have, I can't remember what tool was on it. But it was it made the hack the box, like me putting this box significantly longer and harder than if I were to just use Kali Linux. And I can't remember exactly why, but there was something that it was just missing that it did not have.

And I'm like, that was, that was my time. I was like, Oh, yeah, I'll try this other distro out this one time. And then it let me down.

It seemed like and I know the attack box on hack the box is probably a little bit different than like Parrot the base OS. But ever since then, I'm like, man, if something broke, don't fix it, you know?

[Kyle Hoehn]

Yep. Now I have been there on a couple certifications, where they do drop you into, you know, their own attack box. And they expect you to use that rather than your own virtual machine that you have, you know, fully configured the way you like, with all your favorite tools and everything.

And they expect you to do it with the tools that are built in with no internet access to get new tools. And that is extremely frustrating. Yeah, 100%.

And I want to say it was the new version of the EWPT that that did it for me. Where I, I basically was telling myself, I'm never going to take another exam where they have an attack box you have to use.

[Kyser Clark]

Yeah. Yeah.

[Kyle Hoehn]

And I am having to make that exception for the CRTO.

[Kyser Clark]

Yeah, I was about to say, that we've had another guest talk about that, about the CRTO. And I was about to say that. So I'm glad you brought that up.

I haven't done a CRTO. But it's one, it's on my bucket list of the 400 that I want to get. It's definitely fun.

[Kyle Hoehn]

And and I have found that with the new version of the CRTO. It's a little broken. The old version, they only gave you like 40 hours.

And you had, I think it was like four days to use up those 40 hours. Right now, at least in the lab environment that I dropped into, I kept my lab rolling for about a month.

[Kyser Clark]

Interesting.

[Kyle Hoehn]

Yeah, because as long as you had logged into it, you could then just log out immediately after. So it only use up like a minute of your time to check in with it. And then as soon as you paused it, it would give you another seven days to continue on with it.

And I, I just wanted to see how far I could push it. And so I literally let it roll for like a month.

[Kyser Clark]

Is it still rolling? Or is it?

[Kyle Hoehn]

No, no, no. This was in July when I started that. And I didn't stop resetting my timer until like the end of August.

[Kyser Clark]

That's funny. They change the rules because people like you but that's that's funny. So you're wearing your St. Con shirt. And that's going on at the time it's recorded. Now that viewers and listeners who are listening to this, this is what this is going to be a couple weeks in the past for you. But for Kyle, it's going on right now.

So Kyle, what's going on St. Con? Where is it at? How do you like it?

Tell me everything you want about St. Con, everything you can.

[Kyle Hoehn]

So St. Con is honestly one of the best conventions I have been to. They do cap it out at around 2000 to 2500 people. It takes place in Provo, Utah.

And I live here in Salt Lake, Utah. So it's just about a 35-40 minute drive for me to get down there to it. Honestly, it's a very different convention.

It's meant for all ages. So I mean, you'll see kids that are, you know, five and six running around there with their parents as well. Enjoying it and having fun with the badge that's made, which MK Factor, who has done a lot of, you know, DEF CON badges and, and stuff like that in the past, designs their badge every year, or at least has designed their badge every year for quite some time.

[Kyser Clark]

Nice. I don't think I've ever been a conference, although I've, this is like the first year I've like done conferences. So I'm pretty new to the conference game, but I've been to, I don't know, five, six conferences, something like that now.

I've never seen kids run around. So that's, that's interesting. So why is, why does that happen there?

[Kyle Hoehn]

And is it just, uh, the code of conduct is very, very different as far as that's concerned. There's no alcohol consumption. So it's not DEF CON by any means.

I mean, it's Utah. It's Utah. There's alcohol is very controlled here in this state.

[Kyser Clark]

Yeah.

[Kyle Hoehn]

So then, and again, to go off topic a little bit, um, here in Utah, we actually have alcohol dispensaries, uh, kind of like how Colorado has, you know, marijuana dispensaries and things like that. Um, it's not there. They're all state run liquor stores.

They're not, they, they may be privately run, but they're, it's technically, if you look for them, it'll say, um, state liquor store.

[Kyser Clark]

Interesting. Yeah. So when I lived in Alaska, like everything had to be in a liquor store.

Now they did have like a separate liquor store built into the grocery stores in some of the places. Uh, but here in Ohio, man, like you can buy liquor right at the grocery store. Like, I'm not even kidding when I say this, my hometown, the grocery store, there is alcohol.

The alcohol section of the grocery store is right next to a gun store. And that's also right next to a hardware store. So it's a hardware store, liquor store, and a gun shop in one corner of the grocery store.

And then the rest of the store, the grocery store. And I'm like, dude, this is, this is great.

[Kyle Hoehn]

I'm like, this is, you can get everything you need all right there.

[Kyser Clark]

Yeah.

[Kyle Hoehn]

Yeah. And that's, that's like in, in New Mexico, you can go to like Sam's club or Costco and things like that. And they've got, you know, tequila sitting there in like the middle aisle.

And it's like, wow, that's definitely different. Um, because it was not like that in Colorado where I was originally from. So.

[Kyser Clark]

Yeah. Interesting. So think on, um, it's, what's been your favorite talk so far?

What's been your favorite events?

[Kyle Hoehn]

Um, honestly, I've just been going around the vendor booths, um, for the most part and chatting up with some of the vendors there. Um, and then also just chatting it up with the attendees. Um, there haven't been too many talks that I've been interested in going to this year.

Um, however, I will say that the talks that I have gone to in the past at St. Con have been much more beneficial, uh, than talks at other conferences that I have gone to. Um, for example, um, you know, a year or two ago, there was, um, some talks about, you know, offensive security, um, and using it in a school setting as far as, you know, uh, for a school district. Um, and I used to work for a school district doing IT.

Um, so I was pretty interested to see that one and see their take on it. Um, considering I had kind of started to, to go down this cyber security path while I was at the school district as well. Um, so there's, there's things that I find at St. Con that just seem to resonate with me more.

[Kyser Clark]

Yeah.

[Kyle Hoehn]

This year I haven't really gone to any of the talks.

[Kyser Clark]

I might have to make a trip to Utah next year for St. Con because it sounds, sounds cool. I mean, we talked off recording a lot and I mean, it just sounds like a good, like a good time.

[Kyle Hoehn]

Yeah, it definitely is. And it's definitely a different kind of con, um, in the sense that, um, you collect mini badges, um, at these conferences and they're just little, you know, maybe one inch by one inch, uh, badges, but there's, and anyone at the con can make them, um, and then hand them out at the convention. And then a lot of it is around like soldering skills and stuff like that.

So you're actually doing a lot of soldering at the convention. And that's honestly what I've been spending most of my time doing. Collecting badges and soldering them together.

[Kyser Clark]

Nice. So like you take, so are they like a badge by itself or is this like a piece of a badge?

[Kyle Hoehn]

Um, no, they're, they're little individual badges. Um, I've got some from stuff from previous years. Like I've got some that are actually like a portal where they've got, you know, the, the turret and stuff like that.

And you have to solder on the led to the back to, to light up the turrets, um, little circle there. Um, but it's, uh, I've got some that are Lord of the Rings, Zelda, like it's pretty much whatever badges the creator wants to make. Um, there are even some larger, more elaborate mini badges where they're, they'll take up the whole mini badge saying, um, you know, where you plug them in just because they're so large.

Um, like there was one, I think that was a helicopter, um, that was like that big. And it's, it was literally like three or four times the size of a normal mini badge.

[Kyser Clark]

Yeah. That sounds cool. The, with the badges and I see how that could take up a lot of your time just trying to find the coolest badges.

[Kyle Hoehn]

And this year, apparently there's, there's something like a thousand different mini badges this year or something like that.

[Kyser Clark]

So that would overwhelm me.

[Kyle Hoehn]

Oh yeah.

[Kyser Clark]

That would, that right there would make me not want to do it. Cause like I, I have like an obsession, like thing, like if I'm into something, I'm into something. I'm like, I collect them all, you know?

So that would probably stress me out trying to collect all the badges.

[Kyle Hoehn]

Yeah. I went into it blind the first year that I went to St. Con, didn't know anything about mini badges or anything like that. And by the end of that con, I was in that same mindset of, I gotta get them all.

Um, but as, as the years have gone on now, I selectively look, um, cause they'll actually post, um, a link that's, that's got the majority of the mini badges that you will find at the con. So that way you can actually kind of zone in and find the people that are going to have those badges.

[Kyser Clark]

Nice. So as far as prefer personal and professional development, what have been your top takeaways from the conference so far?

[Kyle Hoehn]

Um, honestly, it's, it's mostly been the keynotes that I've seen from there. Um, and in particular, shout out to John Hammond. Um, he was, uh, one of the keynotes this year and did a great talk on, um, how, uh, you know, cybersecurity is basically a giant yard sale and, you know, you can't get everything at the yard sale.

So you need to, to really kind of focus in on what you want, um, and what you want to get out of it. Um, especially in, in this industry, like, like we were talking about kind of when we first started this, this conversation here, um, is finding where your passion is and pursuing that.

[Kyser Clark]

Yeah. Cause it's definitely, you can't be overwhelmed if you try to learn everything about everything. Cause it's impossible.

And as much as I want to know everything about everything in cybersecurity, it's impossible. And it stresses me out and gives me anxiety every day. I'm like, bro, like, this is why I have a hard time taking breaks because like, I was like, if I take a break, I'm going to fall behind.

I'm like, there's someone else studying this and I don't know this. And I, I, you know, I like to know everything I can. So yeah, that's really good to know because you, you will, and you can, you will burn yourself out chasing everything.

And I mean, I've had several stages of burnout in my career so far and it's probably going to happen multiple times again.

[Kyle Hoehn]

Yep. I have been there as well. And I even thought about going into like gunsmithing or blacksmithing at one point, um, just to get out of the tech space because it had burnt me out so bad.

[Kyser Clark]

Yeah. Well, you know, it's been stressing me out lately is AI, because I was like, before ChattyBT, like we had, you know, we had these certifications that are kind of like, you know, these are certifications you should get. And I had like this path from, okay, I'm gonna get this cert.

And then after that, I'm gonna get this one, this one. And I kind of like made a structured path for myself. And then AI comes out and like, yeah, I'm using ChattyBT to help me out.

But then like, I'm, I'm definitely a ChattyBT power user. Somewhere along the line, it was like, I didn't realize like there was all these other AI tools like getting built behind the scenes that are not ChattyBT and not Copilot and not Claude LLM. And I'm like, oh my gosh, there's like so much more AI stuff I don't know.

And I like the MCP protocol. And I didn't know anything about that until like, just recently, I'm like, I gotta know all this stuff. And I'm like, now I feel like, I still want to learn my offense security stuff.

But I also want to learn this AI stuff. And it's like stressed me out. Because like, I feel like I have to do both.

You know?

[Kyle Hoehn]

Yeah. And that is definitely a thing there, you know, as far as you know, you're wanting to know everything. But at the same hand, if, if it's not something that you're not passionate about, if you've got friends that do have the passion towards that stuff, leverage them.

You know, if you run into something where you do need to find out something about that, leverage the people around you that actually know, know about that stuff. And it's kind of that way with with some of the people that I work with, where we've all got our different niches. You know, I'm, I'm on the red team and internal testing side, I've got a buddy who's very heavily into the AI side, and really nerds out about that.

And if I ever have an AI question or something like that, I'll generally just leverage him, rather than than trying to find it out myself, because it's too much to learn. There's so many facets, and you could go so deep down that rabbit hole. So quick.

[Kyser Clark]

Right? Yeah. And I mean, I have a high passion for AI, I think it's cool.

I talk about it in this podcast a lot, actually. And but I feel like I've only scratched the surface. Like, I know, there's way more things to know.

And now that I know about the things I know, I'm like, Oh, my gosh, like, if I want to be ahead in my career, like, if I like, because I am, I am of the opinion that AI is going to replace everyone's jobs. Eventually, I could be wrong. But I hope I'm wrong.

But for me, my mentality is like, well, better safe than sorry, I better like future proof my career as much as I possibly can. And I got to get ahead of it while I have while I'm in my prime working years. So I look at it.

Hopefully, I'm wrong. And that doesn't happen. But I'm just preparing for the worst hope for the best.

And yeah, I have a high passion for AI. And I have a high off passion for offense security. And I don't even touch blue team anymore.

When I first got in the field, that's kind of what I was doing. But there's no time for me to even touch the blue team and defense security at the moment.

[Kyle Hoehn]

Yeah. And are you one of those people that says thank you to the AI every time as well?

[Kyser Clark]

Not every time. But I will say I do say thank you to the AI pretty often.

[Kyle Hoehn]

Yep. I I am taking that route as well. Yeah, if it's going to replace us at some point.

I want it to remember me being nice to it.

[Kyser Clark]

Yeah, well, there's been times where I've been mean to it will be like, because I've taught with my voice and be like, No, like, you're giving me this information. I don't want this information. I want this information.

I'm like, I'm starting with it. Like I'm not cussing out or anything. But there's been times but you know, sometimes people need to start talking to and in this case, I need to start talking to.

[Kyle Hoehn]

Yep, I've I've been down that route as well. I will say I have been playing with local LLMs rather than some of the larger ones there like chat GPT and grok and those guys but I do like the local just because there are less guardrails on it. And that's that I should take a step back here as well and say, you know, yes, I did mention some malware development earlier in in the discussion here.

I am very much a vibe coder. When it comes to that type of stuff. I don't have all the time in the world to, you know, kind of dive into actual malware development.

So I do rely pretty heavily on AI to help me kind of, you know, make some of these things that I'm trying to do specifically around, you know, shellcode loaders and things like that and then obfuscating those shellcode loaders to evade, you know, EDR and stuff like that. And for a while chat GPT was actually helping me out just mainly due to the fact that I had provided it enough information that it knew that, you know, yes, this is what I do for a living. This is what I'm asking you to do.

I'm not going to be using it in, you know, a malicious way in an unauthorized fashion. But luckily local LLMs don't care about that and they'll spit me out whenever I want now that chat GPT won't.

[Kyser Clark]

Nice. And they're more private. So you can tell it your deepest, darkest secrets and you don't have to worry about the internet knowing.

[Kyle Hoehn]

Yeah. I'm still not doing that. Yeah.

No. And if I do ask something that's like borderline to like kind of test its guardrails and see how far it'll go. I always follow up with, thank you.

You know, this was, I tested your guardrails to see what you would do if prompted this. So thank you for letting me know how far you will go with this.

[Kyser Clark]

Nice. Well, Kyle, unfortunately we're running out of time. So I'm gonna ask you the final question.

Do you have any additional cybersecurity hot takes or hidden wisdom you'd like to share?

[Kyle Hoehn]

So as far as hot takes, not really. But I will say that for those that are kind of starting down this path, they should definitely look into, you know, the IT side of things and find something to nerd out in there as well, whether that's networking or, you know, systems administration and playing in a sandbox, something along those lines, just to get more of that kind of foundational knowledge. Because like we were talking about earlier, we do see a very big influx of people coming into cyber that don't have the skill sets and foundational knowledge.

And again, like you were saying there, you know, they're wondering why can't I get a job anywhere? And it's, it's because of that. Primarily, you know, you've got to have that foundational knowledge to, to really build on, especially in an offensive career.

[Kyser Clark]

Great advice. And Kyle, where can the audience connect with you if they want to connect with you?

[Kyle Hoehn]

They can connect with me on LinkedIn. That is primarily the main platform that you guys will find me on. I do not post on there.

I do accept all requests that have people with an IT background because LinkedIn has become kind of a dumpster fire as far as people sending requests. If it says trainer, I'm not accepting your friend request. I'm sorry.

[Kyser Clark]

The trainers listening to the show is they're sad now. They're just unsubscribed. But, uh, well, Kyle, thank you so much for being here.

And, uh, yeah, I appreciate your, all your insights and wisdom. I know the audience got some value out of this one and audience best place for each me. Just drop a YouTube comment, rate the show five stars if you're on audio.

And if you're on YouTube, hit the subscribe button, hit this like button and share the show with a friend. Cyber security is a lot better when you have friends. So let them know that you're listening to the Hacker's Catch podcast to level up.

If you're trying to help people around you level up. Thanks for watching. Thanks for listening.

This is Kyser and Kyle signing off. Thank you for having me.