The Hacker's Cache

#72 He Quit His Cybersecurity Job to Start a Pentesting Company ft. Tyler Ramsbey

Kyser Clark - Cybersecurity Season 2 Episode 73


In this episode of The Hacker’s Cache Podcast, I sit down with Tyler Ramsbey to discuss why he quit his cybersecurity job to build his own penetration testing company, Kairos Sec, and hacking education platform, HackSmarter. We dive into the reality of cybersecurity entrepreneurship, burnout, work-life balance, OSCP and PNPT certifications, AI in penetration testing, red teaming, OffSec’s “Try Harder” culture, and what it actually takes to succeed in offensive security. If you're interested in ethical hacking, penetration testing, cybersecurity careers, red teaming, or building your own business in tech, this episode is packed with honest insights and real-world experience from two professional pentesters. 

Connect with Tyler Ramsbey on LinkedIn: https://www.linkedin.com/in/tyler-ramsbey-86221643/

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY


Music by Karl Casey @ White Bat Audio

Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

Opinions are my own and may not represent the positions of my employer.

Kyser Clark (00:10.478)
Welcome to The Hacker's Cache, the show that decrypts the secrets of cybersecurity one bite at a time. I'm your host Kyser Clark. And today I have another returning guest who was someone who's become familiar in the cybersecurity community. Tyler Ramsbey. He is the founder of both Kairos Sec and HackSmarter where he helps organizations identify and fix critical security flaws while making hands-on hacking education accessible to everyone. Tyler has an impressive background as a penetration tester, vulnerability researcher,

and community leader, holding multiple certifications, including OSCP and multiple CVEs. What makes him stand out is his blend of technical precision, teaching ability and leadership all rooted in his unique journey from ministry to offensive security. Tyler, welcome back to The Hacker's Cache. How have you been and what have you been up to since the last time you were on the show?

Tyler Ramsbey (01:01.072)
Yeah, thank you so much for inviting me back. I'm trying to remember when we had the last show first, I think after the last show, we've been able to meet in person a few times. We hung out at DEF CON. You were with our group when we walked like, we just literally kept walking until we got to the part of Vegas that it was just like random homeless people in a field. And we finally called an Uber and then hung out at Wild West Hackin' Fest. But outside of that, I have started two kind of big...

platforms or companies or organizations, whatever you want to call them, but you already mentioned them. So I am fully self-employed now, which is insane, both like exciting, but also terrifying. And I do Kairos Sec, which is a pen testing firm and then HackSmarter, which is a platform to learn ethical hacking. And I believe one of the best infosec communities around on our Discord, but that is now my full time focus as of a month and 10 days now.

Which is crazy. But yeah, thank you again for inviting me back.

Kyser Clark (01:59.47)
Yeah, man, I'm glad to have you here. By the way, for the audience, if you want to go back and listen to or watch the other episode, Tyler is on episode number 36, not required to enjoy this episode. So you can keep listening to this one. And if you like Tyler, then definitely go back and listen to that episode, watch that episode and then subscribe to Tyler's YouTube channel. He makes tons of great content.

Tyler Ramsbey (02:15.152)
Go watch it.

Kyser Clark (02:21.784)
So yeah, you've gone on your own and you made your own company. And I know you've made a lot of content because you're documenting your journey, but for those who don't know, why did you do that?

Tyler Ramsbey (02:35.044)
So it's always kind of been my plan from the beginning. So if you would have asked me when I was first getting in, well, I've been in IT for a long time. So I've been in IT in some form or capacity for like 10 years, but it was always kind of a side gig in order to pay bills. But when I went to really doing it full time when I was done with ministry, I even told my wife, like my long-term plan is I want to start my own company in some shape or form, because I've always been entrepreneurial even back like in high school.

And then most of my like career and ministry, it was similar. I was basically self-employed, didn't have really bosses or supervisors above me. So when I switched to IT full-time, honestly, it was pretty weird to me to like report to other people. Like I just wasn't used to that. And I very much enjoy leading, building stuff and making something of my own. So it was always my plan sort of from the beginning when I got into the field and the timing just felt right to me.

I had recently released my first few courses. So my big course release was an AWS pen testing course, Intro to AWS Pen Testing. And it was significantly more successful than I was expecting, which doesn't take much like I thought maybe a handful of people would buy the course. But like for that course, I literally made it while I was live streaming. So anyone could have just watched the live stream and not bought the course. And I assume that's what most people would do, it's of course less polished than the course. But I just didn't know what to expect.

but it went significantly better. And then I really began thinking like, I think I could do this full time. Like I could launch now and just see how it goes. I also had a few other things in my favor. When I began pen testing, I of course made significantly more than I ever made back when I was a pastor, like four times what my salary used to be. But the good decision I made is I never changed my standard of living. So I live in the same house.

I was driving the same car for a long time, but it finally just like literally stopped moving. So I had to upgrade to a 2012 Honda Pilot now. But I didn't change my standard of living, didn't increase all my costs. So I could go back to my pastor salary and I'd be fine. My whole family would be fine. I'm the sole income provider for my family of four, but we were fine back then. We're fine now. And what I really value more than money is just freedom.

Tyler Ramsbey (04:56.874)
And especially creative freedom, both in my content and what I build, but also just freedom and being present and focused on my family and trying to build some type of cool legacy. So it just felt like the time was right. And so I made the leap. I actually gave my notice to my employer about three months before I made the leap, which can be awkward, but I had a good relationship with them. And I just told them like, look guys, I'm not leaving to work for another company so I can stay as long as you need me.

And we had some more complex projects coming up. So I stayed until the end of September. So October 1st was when I was officially full time with Kairos Sec and HackSmarter. So the summary is the time just felt right. And I figured, Hey, let me just try it. Worst case scenario, I fail miserably and I'll make a video about it. And then I'll just get another job. Like it'll, it'll all work out in the end.

Kyser Clark (05:50.668)
Yeah. And that's really cool and truly inspiring. And so you said freedom, which you definitely get when you are on your own as an entrepreneur and you're not working for an employer, more freedom doesn't necessarily mean more free time. Can you explain that?

Tyler Ramsbey (06:10.231)
Yes. Yeah, that's why I did the quotations for freedom. I think when a lot of people think about entrepreneurship, and I've been looking at the subreddit like entrepreneurs, so I see it there. People do picture like, hey, I can finally do like the four day work week or like the four hour work week and then I can, you know, spend the rest of time playing Battlefield, right? And then like, I can make all my money and I am set. But it's not true. At least it's not true for 99.999% of people

who get into entrepreneurship. I work significantly more than I would ever work if I was just a W2 employee. And the reason for that is at least like, well, one, I don't know if it's a mistake, I enjoy it, but a lot of people will start one company. I have essentially started two of them and both of them could be full-time jobs in and of themselves. So Kairos Sec, I am the person doing quite literally everything. So I'm doing all of our pen testing. I'm also doing our marketing, our sales, casting vision.

And I have to be, we can talk more about how to balance that because there's specific guardrails I have in place when I'm working with clients. And then on the HackSmarter side of things, that is where my courses are at, but we also have a bunch of hands-on labs. So we have 14 labs right now, I think covering Active Directory, Windows and Linux. We add new labs every single week. And that has like an entire thing of infrastructure marketing content, working with the community because most of our machines are community submitted.

So like legit, each one of those roles could be 40 hours a week. And I am attempting to do both of them and still make content for YouTube and still be active in the community. So I don't even know how many hours I work a week. If I had to guess, it would be, man, honestly, an average week is probably 60 hours, sometimes 70 hours. But there's more freedom in that I get to determine whatever 16 hours a day I work, but I get to determine what...

what I work on and I'm building something of my own and this won't click for everyone. Not everyone enjoys entrepreneurship or for those who have like a fire to be an entrepreneur, there is something incredibly fulfilling that you know that you are working on something you own. Like you are building a project or a product that belongs to you that you've been here from the beginning and like I even took a big pay cut to do this. So I'm paying myself a salary but I cut my salary. Geez, probably

Tyler Ramsbey (08:36.208)
I think like 30 to $40,000. Like I gave myself a 30 to $40,000 pay cut, but in return, I get to build something of my own. I'm not building something for someone else. I'm not making someone else a bunch of money. I am able to build something of my own and really build it alongside of the community. So I don't know if I would recommend this path for most people, but it's something that works for me. It helps that I live in freaking rural South Dakota where things are incredibly cheap. If I lived in Seattle,

I can never do this, but where I live and some of my passions have made it possible, but it is definitely significantly more hours, but the freedom comes in what I'm able to work on, what I'm building. And I do have freedom in my own schedule where, if I want to go do something with my kids, I can be like, hey, peace, I'm gonna be gone for this afternoon. I don't have to take silly PTO or anything like that.

Kyser Clark (09:29.39)
Yeah. And you know, while you're talking about that, one analogy that pops in my head when I think about entrepreneurship and I don't own a business, but I'm slightly entrepreneur mindset. I mean, I don't think you can. I think if you start a YouTube channel, you're automatically entrepreneurial in a way. So I understand a little bit, but I, you I don't know when I come off of YouTube. I have a full-time pen test job, but the way I think of it is like, like, yeah, you can move off grid.

Tyler Ramsbey (09:46.244)
Yes.

Kyser Clark (09:58.526)
and go in the woods and live by yourself. You're technically more free, but you are going to work more for that freedom. Like you're going to cut your own wood, find your own water, get your own berries. And like you're giving up a lot of modern luxuries to do that, but you are more free. So I feel like that's how I think about entrepreneurship. It's like, yeah, you're more free, but you have to work for that freedom.

Tyler Ramsbey (10:13.134)
Yes.

Tyler Ramsbey (10:19.522)
It's very true. I mean, potentially, like later on, that's where you can really experience that freedom of not having to work, you know, a bunch of hours each week, you know, five or 10 years or you sell the business. For me, I thoroughly enjoy it. Now, you really do have to find a rhythm, you have to find a balance to it. Burnout can be real. And when I say burnout, I mean, like clinical burnout, depression can be real, you need to be careful of that. And what works for me doesn't work for everyone, right? We all have our own

unique ways, unique rhythms, unique flexibility and ways of doing things. But what I'm doing now works for me. But I'm still trying to find that pace and that balance. For a long time, I was streaming like nearly every single night in addition to working during the day. And I just realized, okay, like I can sprint for a while, I can grind for a while, but I can't stream every single night and do everything I do during the day. So I've cut down on that. I've started streaming a little more.

during the day and being flexible. But I'm still honestly trying to figure out like a sustainable pace, as sustainable as it can possibly be anyways, doing startups and entrepreneurship that in and of itself is gonna require just on its own higher hours, higher energy level, but I'm still trying to figure it out.

Kyser Clark (11:32.716)
Yeah, no, so work-life balance is different for everybody. And I mean, I thought about grinding a lot too. And if you grind like, if you grind the brake pad, like the brake pad will eventually go to nothing. And this weekend, normally I'm on the weekends, I make my YouTube content cause I have a full time job. I make all my content on weekends. This weekend I was like, nah, man, I'm gonna play Battlefield. I'm chilling. So I didn't make any, I didn't make any videos this weekend. So.

pause anybody else looking forward to videos but I was like man I'm just chilling you know but it happens

Tyler Ramsbey (12:04.45)
And you need that dude. There's times like you can feel when you need that. At least I can. Like I went through legit burnout and spent time in, quite a bit of time in professional therapy getting that figured out. But I can now kind of recognize internally when I'm getting too close to the edge, like dangerously close to the edge. And then I know, okay, I need to pull back and just take that time off. But it takes a lot of self-awareness. Honestly, kudos to you. That's great that you recognize, hey.

I can play Battlefield for a weekend and guess what, the world doesn't fall apart. There's still people watching YouTube videos like it doesn't all depend on you. It doesn't all depend on me.

Kyser Clark (12:43.648)
Yeah. And would you say working for yourself? Do you think it's? I don't want to say it's easier, but are you more motivated to do a higher quality job or to like really buckle in to do the work?

Tyler Ramsbey (12:59.438)
Yes, absolutely. And I think that's the difference between like ownership and being an employee. So for example, in October we had, well, we started October 1st and right away in October we had our first internal pen test. It was an eight or 10 day internal pen test. And during that time, so here's one of the things I've done.

And it's the ability to say no to people. But when I'm on a pen test, as you know, Kyser is a pen tester, clients are paying a lot of money to have you doing the pen test. So during that like two week period, I had a bunch of meetings on my calendar with different people, I canceled all of them and just told them, guys, I'm doing client work, you're gonna have to reschedule with me. I'm unavailable for the next two weeks. I wanted to give the client all of my attention and the best of my work and the best of my time. I also focused like heavily on communication, which I

I mean, I communicated well when I was just a pen tester, but I overly communicated, right? Like I sent them an email every morning, here's the exact things I'm working on. At the end of the day I sent them an email saying, Hey, here's everything I checked. I had multiple early disclosures, which is amazing, but very quickly wrote that up for them, jumped on calls with their team, helped them remediate things and really going above and beyond. But a big part of that is like, you know, this is my company, like I want to make sure the client is receiving their absolute best when they are working with me. Whereas as an employee,

for good or for worse, you don't own the company. Like at the end of the day, when it affects the company's bottom line, they can just lay you off and you might not get any notice. Like you don't have that freedom or that flexibility. Now some companies, and I might make some people mad when I say this, but some companies are like, hey, when you work here, we want you to have the mentality of an owner. And my response is if you want me to have the mentality of an owner, you should be.

pay me like an owner, like that's the difference, right? An owner has the mentality of an owner because they are directly benefited from the company's revenue. I benefit directly from Kairos Sec and HackSmarter's revenue, whereas if I'm an employee, I'm not gonna work 60 hours if my salary is only 40 hours. I'm just not going to. If I work extra hours, it's gonna be building something of my own. So.

Tyler Ramsbey (15:11.886)
That's where a lot of the freedom comes in as well. Like there's significantly more ownership and responsibility. But once again, like when I finished that engagement and I submitted that pen test report to the client and was able to come alongside them and help them patch some of the really critical vulnerabilities, just incredibly fulfilling, seeing it all front and center. I mean, all the way from the first call when I first met them to scoping out the engagement for them, to doing the engagement.

We haven't scheduled the debrief yet, but I'm sure the debrief will come, but then walking their team through all of that, more ownership, higher quality, I think, higher quality work than I've ever done in my career because of that owner mentality. Yes, that's a long answer to say yes, spot on.

Kyser Clark (15:54.702)
No, that's great. That's all juicy information. I totally agree with you. I watched a lot of Gary Vee as you know, I sent you a clip of it Gary Vee and he's like, he always like when he does talks and one of his famous things he's like, he's like stop expecting employees to give as much of a as you and like, wow, that's that's true. And like, and when you talk about trying to give the client

Tyler Ramsbey (16:04.655)
Yes.

Tyler Ramsbey (16:13.54)
Mmm.

Kyser Clark (16:23.276)
your best. And it's like when I as a pen tester, like I do do my best, but there's a team that's a that surrounds me that helps me do that. And like with the client communication, I have a team around me and helps me do that. So there are times where I'm like, you know, I'm not going to really go to extra here with the client communication because we have dedicated people for that. And I guess that's part of the employee mindset for me is like.

you know, with that, but when you're the owner, you said, like you want to go above and beyond because it's your client and it's like, it's hard to, it's hard to go above and beyond when it's not your client. I mean, you want to write, no employee wants to be bad, but. And you can be good, but going above and beyond being accessible, that's, that's hard to do as an employee because it's not your client.

Tyler Ramsbey (17:05.84)
Very true.

Tyler Ramsbey (17:18.073)
Yeah.

Tyler Ramsbey (17:21.544)
Often you don't have that flexibility, right? Even if you want to and even on like the communication side of things, that model, that was my model in my previous company too, where I normally wouldn't, I would communicate with the client a little bit, but generally it would be like through a project manager or if there's a technical question, there would be through me. And I would say most firms that works well, because to be blunt, a lot of pen testers,

probably shouldn't be communicating with clients like day in and day out. And the reason for that is pen testers are highly technical and the client may not be and then the pen tester is gonna be speaking in some crazy language, the client's gonna be confused. So it's good most of the time to have a little bit of translation between the pen tester and the client. But I think if you are able to balance that, like what helps me is I spent 10 years as a pastor, like communicating with people in very dark seasons of their life, like,

I've walked people through the darkest moments of their lives. And I didn't do technical work as a pastor. So I believe I can speak to non-technical and technical audiences really well, but that's a unique aspect of my background. So it works well for me, but it's probably not, not probably, it's not scalable, right? So if Kairos Sec ever grew to have like 20 pen testers, I wouldn't want all 20 pen testers providing like daily updates

from themselves to the client. But that's one benefit that I could do now at Kairos Sec. Like I at least hope I'm communicating good enough and it comes off well to the client. So that's another benefit of small pen test firms as opposed to larger ones. A small pen test firm has benefits, larger ones have their own benefits, each have their own weaknesses. And it depends on the client needs on whichever one is gonna work best for them.

Kyser Clark (19:08.12)
Right. Well, let's go ahead and get into our Security Mad Libs before we get too far in this episode. So for those who don't know, Tyler will have 40 seconds to answer five Security Mad Libs. are filling up my questions. If he answers all five questions in 40 seconds or less, I'll get a bonus sixth question unrelated to cybersecurity. So Tyler, are you ready? I'm looking for my phone. Thanks. My pocket. I'm digging my stopwatch out here.

Tyler Ramsbey (19:15.61)
Let's do it.

Tyler Ramsbey (19:32.814)
I'm ready, dude.

Kyser Clark (19:39.17)
That's how know I'm not addicted to my phone, I don't even know where is half the time.

Tyler Ramsbey (19:42.434)
Is it one word as a madlib or is it like a phrase? Like what are the rules on this? How I can answer.

Kyser Clark (19:47.854)
Yeah, it could be one word, two, three. It's however long you want it. Ideally shorter is better because you're on a time limit, but I would say the fewest words as possible, but there's no limit.

Tyler Ramsbey (19:52.759)
All right, dude.

All right, let's do it.

Tyler Ramsbey (20:00.856)
Alright, I'll try harder.

Kyser Clark (20:03.95)
Alright, here we go.

Kyser Clark (20:10.008)
Tyler, the weirdest excuse a client gave me was...

Tyler Ramsbey (20:16.962)
It works on my computer. I don't know why it doesn't work on yours.

Kyser Clark (20:21.386)
A term that needs to die in cybersecurity is

Tyler Ramsbey (20:26.714)
Try harder.

Kyser Clark (20:28.49)
If I had to teach hacking to a kid, I'd start with.

Tyler Ramsbey (20:34.65)
Social engineering, kids are good at it already.

Kyser Clark (20:37.568)
A rule I always follow on Red Team is...

Tyler Ramsbey (20:42.596)
Be very, very quiet.

Kyser Clark (20:44.866)
The tool I always forget to install is...

Tyler Ramsbey (20:49.327)
dirsearch.

Kyser Clark (20:51.438)
36 seconds. Nice. Congrats. So you've earned a bonus sixth question. This one is unrelated to cybersecurity. You can relate it to cybersecurity if you want, but it doesn't have to be. It can be unrelated to cybersecurity. You can even dodge a question entirely if it's something you don't even want to talk about. If you think it's just a dumb question. Here we go. Bonus question. The world would be a better place if we banned

Tyler Ramsbey (20:53.317)
Boom.

Tyler Ramsbey (21:01.987)
Okay.

Tyler Ramsbey (21:09.06)
All right, let's do it.

Tyler Ramsbey (21:22.028)
Okay, this is gonna be controversial. Alcohol, dude, I freaking hate alcohol. If people want a drink that you do the THC drinks, screw alcohol.

Kyser Clark (21:33.742)
Yeah. In as someone who was a borderline alcoholic, I'm not afraid of him in that. Cause like when I was in Korean military, like I, I drank a lot, like I was legitimately concerned for my liver. Nothing. It doesn't really do a lot for you, man. I've went almost a year now without drinking. And, um, let me just tell you what my productivity has been very high. I was never, I never had a problem with alcohol and never had an incident, nothing like that. Never had no negative side effects other than like.

Tyler Ramsbey (21:44.506)
Hmm.

Kyser Clark (22:02.222)
What it hurt with my productivity because I'd wake up the next day and I'd had to spend half a day to like get the hangover done with and like I just was tired of it killing my productivity. So I just cut it out altogether. Now I'm not going to be alcohol free for my entire life, but I just told myself like. I need to go a year without taking a sip of alcohol because I haven't. I haven't went an entire year without taking a drop of alcohol since I was like 19. So.

Tyler Ramsbey (22:29.186)
Nice. Yeah.

Kyser Clark (22:32.054)
Yeah. So it's a challenge I did myself. And once I get the year, you know, I will have a beverage here and there, but I know not to ever do it. Cause I used to be the type of person like I can never say no to a drink because I like to taste alcohol.

Tyler Ramsbey (22:38.809)
Yeah.

Tyler Ramsbey (22:46.472)
Have you ever had, this might get off track on the podcast. I've tried those THC drinks that I think they taste good. They don't leave you with a hangover and they don't mess you up. At least they don't mess me up. Like they can relax me and like calm me and like those social situations. So I'll drink those but yeah alcohol is just I mean it ruins so many families. Like if you want to drink something I just tell people like you'll grab a THC drink. You'll regret it less in the morning.

Kyser Clark (23:16.514)
Yeah, I've never had a THC drink. I don't know if I will either.

Tyler Ramsbey (23:21.776)
Yeah, you might fail a drug test, so you want to be careful if you have a drug test coming up.

Kyser Clark (23:25.07)
Yeah. Well, I mean, I never said this on a pocket. I'll just say it again. I told you to set while I talking about this. I'll just say it. So back in the day, I did fail a drug test back when I worked in an order of refineries. Yeah, I did. And, um, I, it almost ruined my life, but actually was one of the reasons what made me go into the military because after I got fired for failing a drug test, I had to figure out what the heck I was going to do with my life. And as I was preparing myself to go into military and I'm getting that job back, I actually

Tyler Ramsbey (23:34.638)
That's right. I remember that. Yeah.

Tyler Ramsbey (23:49.604)
Yeah.

Kyser Clark (23:54.528)
After I got clean because I wasn't a habitual pot smoker, but it was just like a new year's thing and I I went to that company. I was like, hey you guys fired me because I failed a drug test because I sucked went back to work and they hired me back in I passed the drug test and I worked there for like another six months and then I went into military But if I if I didn't fail that drug test I wouldn't even I there's a good chance. I didn't go to the military and I didn't

Tyler Ramsbey (24:16.592)
Sure.

Kyser Clark (24:24.318)
I would have stayed in like the oil refinery business and I might not even be in cyber security today. But so it was like a blessing in disguise. I like when I was in the military, I would have nightmares of me like succumbing to the peer pressure. I was like, man, yeah, because they direct that shoot.

Tyler Ramsbey (24:37.968)
And then fill in the drug test. That reefer madness dude, marijuana will get you.

Kyser Clark (24:43.692)
Because they drug test you all the time in the military. I mean, I hadn't been a dozen times. So I've been I've been clean off of THC for, man, a very long time. But yeah, I don't know. I'm I'm afraid to go back to the THC, not just because I've been clean for so long. I've just been living so long without it. I just know I don't need it, you know. But yeah, I mean, I had nothing wrong with with it. Just it's just a personal preference, really.

Tyler Ramsbey (24:46.49)
Sure.

Tyler Ramsbey (24:56.655)
Nice.

Tyler Ramsbey (25:06.34)
Yeah. Yeah.

Kyser Clark (25:14.638)
So I'm going to answer my question with throwing my two thoughts of the world would be a better place if we banned. I'm going to go OnlyFans. I'm going to go OnlyFans. I think the world would be better if we wasn't. Yeah, I think it's been a net negative for society overall. No gains there at all, even for the people who are actually making a lot of money. I still think it's a net negative for them in the long run.

Tyler Ramsbey (25:22.445)
Yeah.

You think so? That's how I make my money. Now just play and keep going.

Kyser Clark (25:43.532)
I'm not going to get into the reason behind that. I'll just leave it at that.

Tyler Ramsbey (25:43.738)
Yeah.

Tyler Ramsbey (25:48.708)
That's good. That's that's a that there's wisdom there. I there's a lot of wisdom.

Kyser Clark (25:56.216)
So back to the Security Mad Libs, you said a term that needs to die in cybersecurity is try harder. Man, take another shot at OffSec every time this man gets on the mic.

Tyler Ramsbey (26:07.116)
I know. So actually I've repaired, have repaired my relationship with OffSec for the most part. And I left it short at Try Harder. I don't think when Try Harder is properly understood, it's not a bad thing. The original meaning of Try Harder was, hey, you're going to encounter walls in your career or especially when you're getting ethical hacking. And when you encounter that wall and you're like, I can't go any further. You can.

You can go further. mean, you learned that in the military, I'm sure I learned that in boxing, right? When you're in a ring and you're fighting someone and getting hit in the face. My coach used to say, if you can't fight tired, you can't win fights. It's not about not getting tired. You're gonna be exhausted in the ring. You have to learn how to fight even when you feel like you can't go on any further. And I think that's the proper understanding of try harder. It just has now become...

like a phrase that people throw at people, especially when they're brand new to the industry and struggling with something instead of helping them. It's like the try harder mentality. So that's the try harder I don't like, but when it comes to off-sec, we could even talk about that. Me and off-sec, I should just say me. I don't know about them. I didn't like off-sec. I did the OSEP. I did the Penn 200. I didn't like the quality of it, thought it was bad and made a video and a freaking rap song about them, but they came back to me.

This would be about six months ago now and thought it was like a fishing thing, but I actually knew the person who became the VP of marketing there. And they're like, Tyler, would you give us another chance if we gave you a learn one subscription? And I said, I'll take your learn one subscription. I don't know if I'll give you another chance, but I'll at least like give it a shot. So I'm working on the OSEP now. So for those of you don't know, you have the OSCP, the C like C as in cat.

That's the more introductory cert. The OSEP, E as in elephant. I don't know why they sound so freaking similar, but the OSEPE or the OSEP is like the advanced version of the OSCP. So that's what I am working on right now. And I just told OffSec, look, I'll give you honest feedback as I'm going through it. And that's what I've been doing. I'll probably take that exam, that certs or that exam in January or February, but even then the course itself is still a bit outdated like.

Tyler Ramsbey (28:26.392)
I'm not super impressed with it. I'm gonna get it just because they gave me the voucher and like the Learn One, I get two attempts. But then again, it's still not great. Like a lot of the material from it is from 2020, which wouldn't be that big of a deal except for if you pay for the course yourself, it's like a $1,700 course for 90 days of lab access. And I just think, yo, OffSec, if you're gonna charge that much money to people, you really need to put in the time to make sure the course is up to date, at least.

freaking 2024 or something. But yeah, I've kind of repaired my relationship with OffSec. Like I think we're on, we're on a good relationship now. I respect them. I don't know if they respect me, but I respect them.

Kyser Clark (29:07.63)
And if they're reaching out to you, then they respect you. They wouldn't reach out to you if they didn't. I mean, how can you not? I mean, you, uh, you make honest content. Your opinion is not for sale. You got to respect that. Even if it's a little like if you're poking holes in someone's game, that's not bad. If that, if that makes sense in my opinion, I mean, if you have constructive criticism, I think constructive criticism is good personally.

Tyler Ramsbey (29:20.366)
Yeah, thank you.

Tyler Ramsbey (29:35.374)
Yeah, well, unlike my issue back then, they've made significant improvements right to the OSCP since I went through it. But I try to give feedback back then and like, everybody at OffSec sort of ignored me and it just seemed like, hey, now that I have like a bigger name, they finally take me seriously. So it is what it is. It works for me.

Kyser Clark (29:55.018)
Yeah. For me, try harder. I have been on both sides of the trial. I'm like, yeah, man, it's like, this is the way. And then there's times where it's cause like when I went to OSCP, I passed my first try. I mean, I want to say it was easy, but there wasn't as much struggle as nearly as much trouble. When I went through the OSWA, the OffSec Web Assessor, where I failed it three times and passed my fourth try. That was.

Tyler Ramsbey (30:22.224)
sure.

Kyser Clark (30:23.374)
try harder at work. I'm like, dude, what, like, I'm like, lose my mind on my, do I just suck? Like I thought I had to retire from pen testing honestly, after failure three times. Yeah. So, yeah. So I can definitely see how people get frustrated when they're like, try harder. Cause like my biggest gripe about OffSec is when I'm stuck and I need to ask a question and

Tyler Ramsbey (30:31.204)
Back to the oil rigs dude, back to the oil rigs.

Kyser Clark (30:53.142)
I think it's okay for the OffSec mentor or student mentors to be like, what did you try and not get spoon-fed answer? I don't agree with spoon-fed answer. So, you know, when I'm stuck, I'm legitimately stuck and I'll type out a paragraph, everything I've tried, everything that I think should work. And my question to you, you're pretty good. I've never had an OffSec mentor be like, try harder. Although I have seen OffSec mentors say that to other people, but that's because they were bad questions. There are such things as bad questions in the OffSec Discord, in my opinion, but.

Tyler Ramsbey (30:58.394)
Yep.

Tyler Ramsbey (31:21.519)
Yeah.

Kyser Clark (31:22.766)
I can see the frustration because I think my biggest gripe with it is it takes a while for them to respond to you. I'm like, because for here's me, you know, I work my eight hours a day. I get off work. I set aside three hours and I'll maybe study for an hour. And then I get stuck. I'm like, all right, let me ask a question. And I don't get a response until the next morning. I'm like, well, there goes all my study time. Cause I'm kind of stuck. I've literally, literally tried everything I know to try.

Tyler Ramsbey (31:30.049)
Mm, yeah, that's true.

Kyser Clark (31:52.512)
And that's annoying because it eats up your lab time because you're like, dang, I set aside three hours and I only got to use one of those hours or sometimes less than that. Like sometimes you get stuck as soon as you start studying, but you should, I mean, you should really try an hour or two before you ask a question. But for me, my rule was like an hour and a half or hour or so at least an hour. But that's my biggest.

Tyler Ramsbey (31:52.912)
to.

Tyler Ramsbey (32:09.776)
Sure. Yeah, and honestly, just the practice of writing out what you've done. You know, I saw that as well when I was going through the OSCP in particular and always thought it was maybe a little bit mean, but honestly, now that I have my own courses and my own platform with labs, the amount of questions I get from people, they're just like, hey, such and such isn't working. I'm like, what the frick have you done? Like, can you provide a little more detail, my friend? And even the detail they provide is bad. And I'm like, look,

I can help you but like you really need to learn how to troubleshoot. You're not gonna succeed in this field if you don't know how to one, use Google but number two, like there is now AI. Like literally take your question you're asking me and ask it to AI. If you haven't done that yet, don't freaking bother me with your question. Like I wanna be available but there is a lot of wisdom in just teaching people how to ask good questions, how to document what you've done and often at least for me,

When I've been stuck on things, when I actually type out, I've done this, I've done this, I've done this, while I'm typing it, I'll think, you know what? But I didn't do this. And then that's often the way in. So just like typing out what you've done so far, what is it, the rubber duck method where you like talk to the duck about what you've done? It's actually way more powerful than I even thought myself.

Kyser Clark (33:27.278)
Yeah, there's been tons of times where I go to the OffSec Discord, type in a full paragraph. And I'm like, I tried this. I tried that. I tried this. Oh, I could try this. Let me go see if that works. And that works. Like, all right, delete this question. I don't have to ask it now.

Tyler Ramsbey (33:40.174)
You learn so much doing that though. And it's the same in a pen test as well. Like when you're in a pen test and there's something difficult or challenging, just typing it out to your team to get feedback. Often that act of typing it out, you give yourself some of the best feedback that you could receive.

Kyser Clark (33:55.182)
Yeah. And then your, your advice on AI is golden. Cause I mean, it used to be like the old, a Google that for you, but now it's like, Oh, let me ChatGPT that for you. Or whatever AI you use, use chat. And, uh, yeah, that should be your go-to and you know, AI doesn't get everything right, but it's a good starting point. Actually, OffSec actually encourages ChatGPT usage when you're going through the labs. I think it's still banned for the exams, but.

for the labs, they actually encourage you to do that.

Tyler Ramsbey (34:26.606)
Yeah, which is like, I'm curious your thoughts on the AI ban on the exam. I've seen people get mad about that, but I got the OSCP before ChatGPT was released, like before it was a thing. And I do think that if you're learning ethical hacking today and you immediately dive into GPT to like, for those labs or fundamental concepts, especially on an exam, you are cheating yourself. I think like AI is here to stay.

but it can harm your long-term learning if you overly rely on it. So I actually agree with OffSec on not having it on their exam, but curious your thoughts, like for people who are getting into the field today, how should they use AI?

Kyser Clark (35:08.174)
a question I think is a great study tool and I use it all the time for literally everything. I mean, I don't even Google half the time. Like I'll be running a tool. I'm like, okay, I know what tool I want to use, but I forget the syntax. So I'll just be like, what's the syntax for this? And then it will tell me. And I feel like a lot of times it gets it wrong. Um, and then I'm just like, Hey, you got it wrong. It's not working. And I'm like, Oh, what I actually meant was, and then you try that three more times and it finally works. Um, so it.

Tyler Ramsbey (35:29.997)
It does, I've noticed that too.

Tyler Ramsbey (35:36.794)
Yeah.

Kyser Clark (35:38.282)
But it's still quicker than a Google search sometimes though, because your exact situation is almost never on Stack Overflow. You can find bits and pieces on Stack Overflow and the other websites and other blogs, but ChatGPT can take the exact context and work with you. So definitely use it to study. If you have questions, I would, I would only use it if you're stuck or if you're looking up syntax. I don't, I don't think there's a

Tyler Ramsbey (35:56.88)
Sure.

Kyser Clark (36:05.678)
point in memorizing syntax personally. I mean, every command that I have is either in my notes and if I don't have it in my notes and I just play, I know I can do this and this with this command. What are the flags for? And I was like, yeah, you can check the man pages, but ChatGPT's faster than the man pages and time's money, especially on OffSec exam, but you can't do it in OffSec exam. I dunno, being an OffSec exam. I agree with it because I think it would be too easy.

If it was, if you could use ChatGPT in an OffSec exam, because it is a powerful tool and it's supposed to be hard on purpose. A lot of people don't like it because it's hard, but that's why it's valuable is because it's hard. And,

Tyler Ramsbey (36:40.976)
sure.

Kyser Clark (36:52.608)
Yeah, it, trust me. I have my fair, like I said, I have my fair share of OffSec failures and it sucks to fail. But when you pass without help or you're like, dude, no one helped me do this. Like I did. I figured this out. Like the sense of pride is so much higher. Like I remember on episode 36, you asked me what my favorite cert was. I said, it's the OSWA, cause I failed it three times. I value my OSWA way more than my OSCP because I failed it three times, but the industry values the OSCP more.

Tyler Ramsbey (37:05.188)
Yes.

to share.

Tyler Ramsbey (37:13.273)
Yeah.

Tyler Ramsbey (37:18.436)
Hmm.

Kyser Clark (37:20.812)
name recognized, but for me personally, I value the OSWA cause it taught me a lot and it gave me like failing. How many times like, it like I was in a posture after failing many times, but then when I finally passed it, I go on a web app with way more competent confidence.

Tyler Ramsbey (37:38.66)
Yeah, that's amazing, dude. And it takes so much more to succeed after failing. I remember when I took the OSCP and I remember thinking like, dude, if I fail this, I don't wanna take it again. And honestly, if I would have failed.

I don't know. I'm sure I would have eventually taken it, but it takes a level of courage that I think a lot of people don't have to fail an exam, especially multiple times and still go through and pass it. Like honestly, that's more impressive than passing on your first try, in my opinion, like hands down.

Kyser Clark (38:13.486)
100% and you learn way more when you fail. Um, I passed most of my certs on the first try, but there's been a handful that I failed and I ended up learning more and like, yes, it's failing sucks. But at the end of the day, it's going to make you a better, whatever you are, a pen tester. If you're going for like a SOC analyst cert, it's going to make you a better SOC analyst or like CCNA for me. I feel that it's going to make you a better network engineer. If you feel that your first time.

Tyler Ramsbey (38:36.206)
Yeah.

Kyser Clark (38:42.382)
It doesn't feel like it in the moment, but then when you pass it the second time, you're like, Oh, I understand why I failed. And it made me hit the labs a lot, way harder. And I learned way more because of it.

Tyler Ramsbey (38:51.332)
Yeah.

spot on.

Kyser Clark (38:56.142)
And yeah, you can't. And then I would say the more times you fail, the easier failure gets. I just, I failed a PNPT, uh, I don't know, like a few weeks ago. Didn't even bother me because I have 19 other certs on my bro. I don't really care. Like it doesn't really bother me. I'm like, yeah, it stung a little bit. I'm like, man, I'll get it next time. You know, like I don't need this cert. It's not, it's not a huge impact on my career. If I get this or not, it's more of a, just to keep the skill sharp.

Tyler Ramsbey (39:03.321)
Mmm.

Tyler Ramsbey (39:16.037)
Yeah.

Tyler Ramsbey (39:26.288)
Sure, that's awesome. And I think you talked about this before we went on, but you're planning on retaking it soon, right? The PNPT?

Kyser Clark (39:33.45)
Yeah, in December.

Tyler Ramsbey (39:36.142)
Okay, nice. What do you think about the PNPT compared to like the OSCP?

Kyser Clark (39:37.314)
Yeah, this.

Kyser Clark (39:42.594)
They're different. I would say the PNPT is definitely more real world. It's more real world because there's no flags to capture. It feels like it's scoped a little bit more like a real world engagement.

Kyser Clark (39:57.588)
And I can't tell you which one's harder or which one's not because I didn't make it that far in the, in the PNPT. And the reason why I didn't make it very far is because I slept on the OSINT and I didn't even break into internal. I didn't even, I didn't even break into internal cause that's where my confidence is in the internal. And the reason why I didn't break in an internal cause my OSINT was lacking because I, I don't like OSINT. I don't.

Tyler Ramsbey (40:10.723)
Mmm.

Tyler Ramsbey (40:17.924)
Yep.

Kyser Clark (40:25.134)
It's not my thing. Like stalking people and find all this about them. Like, it's just not my thing. And I'm like, yeah, it can't be that big of a deal. It's really not that big of a deal in that exam, but I should have paid more attention. The OSINT section is all I'll say about that. So I don't, I don't know which one's harder.

Tyler Ramsbey (40:30.671)
Yeah.

Tyler Ramsbey (40:40.696)
Yeah, that can be tough and especially like the like a real world pen test and you can attest to this but often like it was an internal pen test. It's going to be like assume breach. So you're going to have starting creds or you're going to have like a machine in the network so you can like throw up Responder right away. Like it's very I don't like for 99.9% of engagements. I'm not doing a full OSINT campaign because the scope is very clear. If it's a red team engagement, maybe I'm going to do OSINT but I agree like

OSINT is tough thing because it's not something if you're a pen tester in ways, it's not something you do day in and day out unless you do a lot of red team engagements.

Kyser Clark (41:18.818)
Yeah, you're not doing OSINT. I'm not doing OSINT either. My first ever pen test on external network when I was not for my current company, but when I was an intern at another company, I was transitioning out of the military. I spent half a day on OSINT and then one of the senior pen testers was like, yeah, he spent too much time on OSINT. I was like, okay. I'll never do that again. So I haven't spent more than a half a day on OSINT ever. It's, it's a couple hours maximum because I, I'm

Tyler Ramsbey (41:42.095)
Yeah.

Kyser Clark (41:47.072)
As a pen tester, I feel like it's my responsibility to test the technical stuff, not the non-technical stuff, unless the client specifically asks for an OSINT review.

Tyler Ramsbey (41:54.34)
Yeah.

Tyler Ramsbey (41:59.268)
Yeah, that makes sense.

Kyser Clark (41:59.54)
Or if there's just not as many technical gaps, like if there's not a lot of ports open, then, then I'm checking like. Dehashed and check checking the data breaches and all that. That, but that's only if there isn't enough things to interact with, which is very rare. I've, I think of like ran across a couple of times. Cause enough times, most externals like there is enough to interact with the test.

Tyler Ramsbey (42:10.416)
Sure.

Tyler Ramsbey (42:22.254)
Yeah. Do you guys do much like red team engagements? I know when I do red team, that's where OSINT does come into play because then you want to be stealthy, right? So then I'm collecting like a list of employees. I'm looking for domains. I'm looking for phone numbers. I'm spoofing phone numbers. I might do LinkedIn sock puppet stuff, but specifically red teams. I don't think I really do that on internal or externals. Do you guys do much red team engagements and do you do OSINT when you do those?

Kyser Clark (42:48.172)
Yeah. So our pen test firm, we do red team engagement. So it's a newer thing that we have started offering. I haven't been on a red team engagement, but we do have some red teamers on a team. And it's my goal to be a part of that red team. So I'm working my way up there, but I'm still still learning what I can as a pen tester. And eventually I'm going to get to the red team. But yeah, I haven't been on a red team engagement, but we do have pen testers who have been and just hearing about them like, yeah, OSINT.

Tyler Ramsbey (43:02.937)
Nice.

Kyser Clark (43:18.158)
plays a factor in that for sure.

Tyler Ramsbey (43:20.558)
Yep, yeah, definitely. That makes sense.

Kyser Clark (43:24.75)
All right, Tyler, well, we are over the time limit, but this, the time flew by. These are the greatest conversations ever. So I appreciate you hopping on the show. Before we get off though, I got to ask you the final question, which is different than your last final question. The returning guests get a different one. So here it is. What's one key lesson you've learned recently in cybersecurity, or if you prefer, what's a bold prediction you have about the future of the field?

Tyler Ramsbey (43:36.772)
Let's do it.

Tyler Ramsbey (43:50.564)
The key lesson I have learned in cybersecurity, it's a mix of cybersecurity and career, but it's the ability and willingness to tell people no. I generally want to be well liked and I want people to be happy with me. But I learned as I started Kairos Sec and HackSmarter and pen testing, like I now say no to most of the requests I get.

but you have to say no to the good things so you can say yes to the best things for your career and for cyber. So that's what I'm still learning honestly and trying to implement in my own life.

Kyser Clark (44:27.041)
And I've been trying to work on the final list and the final list, but I do have one follow-up question.

Tyler Ramsbey (44:32.112)
All right.

Kyser Clark (44:33.47)
And I have another thing to say on that. So no is a complete sentence, by the way. You don't have to explain yourself. I don't know if you know that, but it is a complete sentence for anybody that doesn't know that it is a complete sentence. You do not have to explain yourself. And my follow up question is this. So like, what, what do you mean by saying no? Like, you talking about clients? Like people asking a mentor, team members, family members, like who you saying no to?

Tyler Ramsbey (44:39.15)
That's good. Yes.

Tyler Ramsbey (44:56.162)
Yeah, so definitely not clients, right? Because they're the ones actually paying money. So I want to make sure I'm not telling them no unless it's a really bad client. But as you know, Kyser, like when you're in the YouTube space, and you have a community around you, like the amount of people I get to reach out to me, they're like, Hey, can you review my resume? Can we do a mock interview? Can you mentor me? Can we just jump on a call? Can I pick your brain for 30 minutes? It's like

No, you can't. And it's not me being a jerk, but at the end of the day, I have very limited time. All of us have very limited time and I wanna make sure I'm really prioritizing my time. I've been learning that, and I knew this intellectually, right? But as I've been starting my own business, I've learned a lot that I can always make more money. I cannot make more time and that's what really matters. So I've been very selective that when someone's like, hey,

Can we do this, this and this? Most of them I'm saying no, like this is awesome. I for sure wanted to do this, which is why I'm here. If I didn't wanna do it, I wouldn't be here. But huge fan of you guys or huge fan of what you're doing. But I get a lot of requests as I'm sure you do as well. And I just, can't say yes to all of them. I mean, I could, but then I couldn't do any of the big impact stuff such as building courses, building labs, building community. So really I'm focusing now on mentoring at scale.

via YouTube and HackSmarter and Kairos Sec. And I have to say no to the myriad of one-on-one meetings and messages I get just because there's not enough time in the day. And I need to focus on what matters the most for me in this season of life. And if that means disappointing people, that's fine. Like if I don't disappoint them now, they'll see a video I make at some point in time and get mad at me and leave a comment anyway. So I was like, whatever.

just be mad at me now and we'll just save you the time of being mad in a month. That's what I'm learning.

Kyser Clark (46:54.958)
Well, I appreciate you unpacking that, Tyler. Once again, thanks for being here on a show and thanks for saying yes to the, to the podcast, man. I appreciate it. was in the, one of those yeses and audience members. we're working on his volume. They want to get a hold of you.

Tyler Ramsbey (47:01.423)
Honored to be here, dude.

Yes.

Tyler Ramsbey (47:11.748)
Yeah, primary platform is YouTube. So you can just search for me, Tyler Ramsbey, on YouTube. I have, I think almost 800 videos now, which is insane, but a bunch of completely free content on pen testing, ethical hacking, some blue team stuff. So YouTube is the best platform. I also have a Discord community. If you go to hacksmarter.org, you can join our Discord. And then I'm super active on LinkedIn as well. So if you're on LinkedIn, just look up Tyler Ramsbey and you'll be able to find me there.

Kyser Clark (47:38.062)
Yeah. I subscribe to Tyler makes great content. Some of the best that they're out there. There's sometimes I talk to people and I'm like, have you ever seen Tyler and they're like, no, I'm like, how do you not know who Tyler Ramsbey is? But, yeah. Um, audience members, best place to reach me is dropping a YouTube comment, ask your questions there. I reply to all of them or at least most of them. And if it's a really good one, I'll feature it on one of my Q and A episodes. If it's a good question. All right. members. Thanks for watching. Thanks for listening.

Tyler Ramsbey (47:50.787)
Amazing.

Kyser Clark (48:06.894)
If you're on audio, rate the show five stars if you haven't already. If you're on YouTube, hit the like button, hit the subscribe button. Hope I see you next episode. Until then, this is Kyser and Tyler signing off.

Tyler Ramsbey (48:17.764)
See you guys.