The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
The Hacker's Cache
#77 If I Had to Start Cybersecurity Over in 2026... I'd Do This
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
If I had to start my cybersecurity career over in 2026, there are a few things I would do differently. In this episode of The Hacker’s Cache, I break down my full cybersecurity journey from joining the Air Force, earning Security+, Linux+, CCNA, CISSP, OSCP, and other certifications, becoming a penetration tester, building a YouTube channel, dealing with burnout, and pivoting into AI security. I share my biggest cybersecurity career regrets, what was actually worth it, what I would skip, and the advice I’d give to anyone trying to break into cybersecurity today.
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
Welcome to the Hacker's Cache, the show that decrypts the secrets of cybersecurity one bite at a time. I'm your host, Kyser Clark. And in this episode, I got also an episode for you, and we're going to be talking about what I would do differently if I was building a cybersecurity career in 2026, and really what we're going to do is we're going to go through my entire career from start to finish, and I'm going to talk about why I did the things that I did and, you know, what the things I regret, the things I would do differently along my journey, and it's going to help you shape your career.
If you're looking to break into cybersecurity or level up in your existing role, so without further ado, let's just go ahead and hop right into it. So for those who don't know, I guess I know I got a lot of new listeners and followers and subscribers. I kind of ran over my career when I started this podcast on episode zero.
So if you've already listened to that, it's going to be a little bit of a refresher, but this podcast is now two years old, so two years where the things have happened to me since that. So there's going to be that plus an additional context. And then also I got two more years of hindsight that's going to help you kind of understand my journey.
And, and really what we're going to be going through is we're going to break down like every single step along the way on whether it was worth it or not and, you know, what I would do differently. So without further ado, let's just hop into it. So April, 2018, I enlisted in the US Air Force, got a guaranteed job as a client systems technician.
And that's how I started my tech slash cybersecurity career. Went through basic training like everybody does. And then after basic training, you're at your technical school where you learn your job.
And they taught me how to work on computers. And at the end of my technical school, they make you get the security plus certification. That was my first ever certification.
And that's where I fell in love with cybersecurity because I was really, really good at it. Anybody that knew me from tech school, they know that I actually had like the highest practice test score of all time of like in the whole school. And I was tutoring people and I was really good at this security plus.
And I ended up passing security plus before all of my peers, not even kidding, no exaggeration. I passed it before everybody else. And I graduated tech school before a lot of the people that went there at the same time as me, because I was so good at security plus, like, and it didn't come naturally to me, by the way, like I really did put in the time on like my peers, you were partying and on the weekends after, after school, I was studying every single day.
So that was why I was able to really get the security plus. I had my peers, but I had a lot of fun doing it. So it was, I don't want to say it was easy, but I had a lot of fun doing it.
And that's what really got me started in cybersecurity was it was the love of security plus. I really enjoyed that certification. So after graduating tech school, getting my security plus certification, by the way, would not change any of that.
Joining the United States air force active duty was the best decision I ever made. Hands down would not change, change that for anything. Going to my first duty station, I was, the main goal was to just learn your job.
So they immediately put you in upgrade training where you just, you got to take what you learned in tech school and then just level it up. It's literally upgrade training. So I did my upgrade training in like six months.
Again, I was ahead of most of my peers. I actually finished second out of all of my peers that kind of got to the base at the same time as me. And I actually got praised for that.
And he's like, Hey, you got this done before your peers, which is really impressive. I was like, thank you. Like I said, I was the second one to get upgrade training done.
I've always been like the person that just accomplished things fast, I guess. So after my upgrade training, I did and by the way, that was mandatory. That wasn't optional training.
I decided to go into college, decided to get my college degree because you can't pursue college while you're in the military until you get your upgrade. At least you can't get the military to pay for it. So therefore it's to give you tuition assistance.
You can't utilize that tuition assistance until your upgrade training is done. So once I upgrade training was done, boom, enrolled into school. I started pursuing my bachelor's degree in cybersecurity management policy.
And by the way, that was November 2019 is when I started my bachelor's degree. Shortly after that, I decided I want to become a Pentester. At least that's my leading position that I want to get into once I leave the military.
So I decided to commit to that and do some research. And there was three things that was very apparent. If you want to be a Pentester slash ethical hacker, you need to know Linux, networking and coding.
So with that in mind, first thing I did was started learning Linux. So I downloaded a Kali Linux box and I started going through the Kali Linux reveal book, and then I was like really confused, I had no idea what the hell was going on because I've never used Linux before this point. Very versed on Windows, by the way.
I've been using Windows my entire life, but Linux was a whole new thing for me. So very confused with this Kali Linux reveal book. And it was like chapter two, three, maybe even four.
It was early in the book. It was like, if these concepts are not familiar to you, we highly recommend doing this course. And I was like, wait, I'm really confused up to this point.
So let me check out this course. So once that course, honestly, it really sucked. It was boring.
I wasn't learning anything, but I went through the whole course. I was like, man, I didn't really learn anything. And at that point I was like, I don't think Pentesting is for me.
If I can't even understand Linux, it's the most basic thing ever. And then I was like, man, I don't want to give up. I'm not a quitter.
So what I did was I just reflected on my positive experience with the Security Plus and decided to go after the CompTIA Linux Plus, and that's really how I learned Linux. It is an honorable choice certification, guys, but you do need to go through the hands-on exercises that really understand Linux that the book tells you to do and the video courses tell you to do. So I passed Linux Plus in May, 2020.
So it took me, I started my Linux journey at the beginning of the year. Ended up getting Linux Plus in May, 2020. Immediately after that, started CCNA studies.
And I, my goal was to get the CCNA before I changed duty stations, which was in November of 2020. Unfortunately, the testing center was closed the day I want to do my exam or like around the time I want to do my exam. So I ended up postponing my CCNA test attempt and further, way further than I wanted to because after between duty stations, I was in Korea for two years.
And then I was going to go to Alaska for another four. So I was in between the duty stations. I was like, I'm going to take, I'm going to take a month off because I just, I didn't take leave.
So I literally took, was it a month? It was at least two weeks. It was like two, three, maybe four weeks. I just went back home and relaxed.
Like, I just want to go back home, you know, being overseas that long. Like I want to go back home and visit my family and stuff. And I didn't, I didn't, CCNA was not on my, on my mind at all.
I keep mine, this is during COVID, right? It was 2020. So when I got to Alaska, my next duty station, they put me in a two week quarantine and all I did was just play video games in there. I didn't study at all.
And then after I got out of quarantine, I moved into my apartment off base and decided to take the CCNA in January, 2021, and I actually failed that exam attempt. And the reason why I failed is because there was like a two month gap of me, just not even thinking about CCNA. And I forgot all that content.
I barely failed it. I think I failed it by a half a percent or like a one and a half percent or something like that. It was, I was only like two questions away from passing.
Devastated by it. Almost wanted to quit right there. It was my first failure.
And I said, you know what? I'm not going to quit. I'm not going to let this beat me. So I started, immediately started studying for it again, literally that day.
I just went, I bought another course and decided to just go through a different course and then just really take meticulous notes and really pay attention. And then like after a month of that, I realized like, man, I got to pause my CCNA studies again. Because Air Force promotion testing is coming up and those who don't know the way Air Force promotion tests, promotion testing works is that they factor a lot of things, but the main thing is that there's a test.
They make you do like a moral choice test about Air Force history. And then they also make you do a test on your job. Not every Air Force job makes you do a test on your job, but my, my job did.
So I had to take two tests, one about Air Force history and one about like just my job, which I studied my butt off for. I mean, I was putting, I was studying like a certification. Like I put in that much work and because they also, they evaluate you when you're in the military guys in an Air Force, the way they do it is they rate you between a one and a five and the higher you are, the more points you get for promotion testing.
Five is obviously the best one's the worst. Most people get a three. That's your average, like two is your below average one.
You're going to be really messing up if you get a one and then four is like, you know, a little bit above the average. And then five is like, you're like prime, like the leadership really likes you. Like I ended up getting a four guys.
I didn't get a five. I got a four. So I actually had a little bit of a advantage going into that test because I got extra points for getting graded at a four rather than a three.
Like most, most of my peers were rated. So I had that advantage and I just studied my butt off for the test. I just pretended like I didn't get that four.
I knew I had that advantage, but I just pretend like I didn't because I really wanted to promote to Staff Sergeant my first time, ended up doing it with flying colors out of 5,000 people, 5,000 plus people in my career field that was up for promotion, I ended up getting ranked at 14. If I got rated a five, I, there's a good chance I got rated in the top three, maybe even number one, because I, I had a very, very, very high test scores because I just studied my butt off for it. So once I got done with promotion testing, I decided to go back to the CCNA studies guys and ended up passing the CCNA in September of 2021.
So that was over one year. My CCNA journey was over one year. The CCNA was definitely a big battle for me and it was a huge relief once I passed it, like I literally was, it was one of the most joyous moments I ever had because it was really the first time I ever came a failure really.
So it was very, very big moment for me. And then, so up to this point, guys, I wouldn't change anything. Like Linux plus absolutely helped me out.
CCNA absolutely helped me out. Promotion testing absolutely helped me out. I would at this point in my career, like I wouldn't, wouldn't change anything.
Like, like I would do this all over again if I had a choice. And then the next thing I went into was the network plus certification. I didn't study for that because CCNA is so advanced or it's a higher level than it's the network plus that I didn't even need to study for network plus.
And the only reason why I got network plus was because why not, you know, I get the air force to pay for it and I could pass it fairly easily and because Comtia has the stackable certifications and I wanted to get one of those stackable certifications and that's why I got network plus definitely not needed. But now I'm thinking about it, guys, the CCNA was a little overkill. I did waste, I don't want to say I wasted time, but like, I, I probably didn't need, I didn't need the Cisco technology because I haven't touched a Cisco router or switch since I got the CCNA so if I had to change it, I probably wouldn't get the CCNA again.
And I don't recommend it unless you're going to go for like cybersecurity engineering positions, I would recommend a network plus, but in my case, having the CCNA probably didn't need the network plus, and then if I didn't get the CCNA then the network plus would have been absolutely necessary for sure. So I would say if I had to redo it, I would get one or the other, not both. And then, so that was, remember I said Linux networking and coding.
So that was Linux networking out of the way. And the reason why I chose CCNA was because it's the most popular networking certification in the world. And then after that it was coding, time to code.
So I literally taught myself how to program in Python. I got some bootcamps and I literally just self-studied Python. I did a 100 days of code challenge.
I did like 75 days in a row before the streak snapped or like 74 days in a row or something like that before the streak snapped and then the last like 25 days really it was like hit or miss because I was really burned out on coding guys. Like not a big, not a big coder. Like I think it's an essential skill to have.
It's not one of my passions. Would I change it? No. Learned a lot coding for sure.
And you know, this is before ChadGPT came out. Like I finished my 100 days of code, like before ChadGPT came out. So I can honestly say like I wrote programs without the help of ChadGPT, which is really nice.
It was around this time when I started my 100 days of code, I started doing TryHackMe and that was when I launched my YouTube channel. So I was making content doing TryHackMe and 100 days of code all at the same time. That's one of the reasons why I ended up breaking my 75 day streak on 100 days of code, because those videos, those early YouTube videos guys, because I was so new at it, I didn't have a workflow and it was just, I was releasing them every day.
For some reason, I don't know why. Cause, oh, cause I was doing Adventist Cyber and Adventist Cyber was like, you got to do it every day or you're going to fall behind because like it's literally lines up with the calendar, right? Of Christmas. So I was releasing a video of every room, every day for like the first, I don't know, 10 to 12 days, and then I was like, you know, I can't do this every day anymore.
I was super burned out right when I started my YouTube channel. Anyways, after the a hundred days of code and after doing TryHackMe and making videos, I started doing, I started studying for the CEH early 2022, but I stopped studying the CEH when I was about 80% done with the studies due to some controversial stuff going on with the CCNA. I can't even remember now what happened, but I just know a lot of people on Twitter, like if it's like people on Twitter was talking hella crap about the CCNA, I was like, man, I don't want the certification to tarnish my reputation.
People are making fun of this thing. Let's just not get it. So I didn't pay for the voucher.
All I did was pay for the same material. So not a big, big loss there. I keep in mind up to this point, I paid for all my study materials for every certification except and, and the vouchers.
So I paid for my Linux plus voucher. I paid for my CC, my first CCNA plus voucher because I didn't know how to use the Air Force cool, which is the program that pays for certifications. I didn't figure out how to use that until my second CCNA attempt.
And then my network plus I got the vouchers paid, but the same materials. I always pay for my own study materials, but the vouchers I started utilizing the Air Force cool for the vouchers. And they gave you $4,500 lifetime if you're wondering, which is a very amount of money to put towards certification vouchers.
So after I stopped CC CEH studies, certified ethical hacker, I decided to pursue the CISSP. And the other reason I didn't, I didn't think I was going to pursue the CISSP this early in my career. Keep in mind, I'm only at four years of my career at this point.
And you're going to have five years experience, but you can waive one year if you have another certification, which I did. And the other reason why I started going for the CISSP guys was because my, I was at the tail end of my, keep in mind the whole time I'm doing this, I'm in school, I'm going through school for my bachelor's degree in cybersecurity management policy and towards the tail end of my degree program, I started getting into cybersecurity courses. And one of the last courses was like advanced cybersecurity management.
And they literally based the entire course off of the CISSP textbook. And I was like, well, if they're going to make me buy the CISSP textbook, and they're going to make me do all these quizzes and all these discussion posts on all these papers and all this content related about related to the CISSP, I might as well just put in a little bit more effort and go actually get the CISSP. That's exactly what I did.
So I passed that course with an A and then I ended up putting in some more study time in the CISSP and ended up passing the CISSP as a certified information systems security professional. Number one, most in demand certification on the market. I passed that in October, 2022, absolutely worth it.
Wouldn't change that at all. And then the very next month. So as soon as I passed the CISSP, I immediately wrote into cloud plus CompTIA cloud plus, and then I passed that in 2020, November, 2022.
And then 27 days later, I passed the CompTIA pentest plus, and then 21 days later, I took the COISA plus beta exam. So very, a lot of certs and a very short amount of time. And which brings me to a comment that someone put on my last podcast episode on YouTube, episode 76, I shouldn't give this guy this much attention, but I'm just going to, I'm just going to say it.
He literally says, I'm just going to read it word for word. You brain, he capitalized brain, you brain dump CISSP cloud plus pentest plus and COISA plus in two months. You aren't confident and have the perspective because you brain dump.
Look at the dates on his certificates. Uncreditedly, that's how you can tell he didn't read the book or study the technologies in depth. You were confident to even take it on those dates.
So soon, so soon because you dumped boy, that is such a funny comment and I didn't give the haters any attention, but honestly, the haters really fuel me. Like it, like, like it makes me want to just prove people wrong. So keep, keep it on me.
And I'm, I'm glad you decided to look at my background and because I really annoyed your buddy. But did I brain dump? No, I read, I read the cloud, the CISSP book cover to cover. And I did a full video course and I did like 1500 practice questions, guys.
Like that was, and I did a eight week course of school. So like the CISSP was a long journey. Cloud Plus was a short journey, but again, I did a full video course on CBT Nuggets and I read the book cover to cover it's a shorter course.
And it's a shorter book, but I had read the book cover to cover it. And I, and I did the every single video in the CBT Nuggets course. Same thing with pen test plus a little bit of a thinner book, but I did read an entire book and I did do an entire video course on I think it's ACH learning.
It's it used to be it, it pro TV, but again, did the whole thing. Let's see. I say, I didn't read a book cover to cover.
All I did was like speed run through a video course because there's a lot of overlap between C CYSA and pentest plus and CISSP covers a lot of that stuff as well. So CYSA plus was a pretty easy one for me to get that. Keep in mind, I did the CYSA plus beta.
I didn't know I passed it to like six months later, but I was pretty confident that I passed while walking on the exam. I was like, yeah, I'm pretty sure I passed. So no, I didn't brain dump.
And we're going to get into it, but there's been other certifications that I passed without studying because I didn't bring up those early, early ones, you know, so those, those foundational certifications, I really put a lot of work into it, which helped me pass the remaining certification for talking. So back to the question, would I change anything here? No, I think cloud plus was worth it. Cause you got to know the cloud guys.
So, you know, I w I'm going to go back to that again. Like you got to know networking Linux and you have to know coding. I would add cloud to that.
That's why I got cloud plus a pentest plus. That was an obvious one. You wouldn't be a pen tester.
It's a foundational pen testing. So I say plus it did. I didn't really need it, but the reason why I got it was because I got the beta 50 bucks.
You might as well, right? Just to keep your skills sharp. And it's a little bit different because it's defensive cyber. I think being first and offensive and defensive cyber is beneficial.
Wouldn't change that at all. Didn't need that cert though, but the beta exam was up 50 bucks. Why not? Right.
And then after the CYSA plus in January, 2023, I finished the CEH. I decided to, you know, I was like, I spent 80%. And that's another reason why I was able to pass pentest plus CYSA plus so easily because I studied for the whole CEH and that's a fat book by the way.
So because I studied so hard on that 80% of the way through that, it made pentest plus and CYSA plus just easy because there's a lot of overlap between all these certifications guys. And the reason why I got to CEH cause it's for some reason, the second most in demand pentesting certification on the market, people are still asking for it to this day and that's why I got it and I still have it. It's still active by the way.
And I, I keep renewing it and I don't regret doing it because it helps believe it or not, as much as it is to make fun of that certification, it does still show up on job postings and it shows up on a lot of the job postings in 2026. So, and then the next month, February, 2023, I passed EJPT that's the formerly E-Learn security, junior penetration tester, but the INE, it changed it to INE security. So I passed that.
And the reason why I went to the EJPT is because I needed something to bridge the gap between CEH pentest plus and OACP because OACP was like this huge mountain and I needed something in between the two and EJPT was a great intermediate bridge between the pentest plus and the OACP. So that, that really helped me out. That's like a hundred hour course, by the way, I did not speed through that one at all.
I did speed through it, but you guys, guys, you understand is like, I, I didn't, I didn't have a life outside of the stuff that you see me cranking out these certifications is because I'm not even exaggerating when I say this. When I say I studied for a certification, like I get off work and I study for three to four hours every single weekday. And then on the weekends I put in eight to 12 hours on these certifications.
Guys, that is how I'm able to crank these out and that, cause I'm putting in serious work and it looks, yeah, that guy's like, Oh, you brained up. No, I didn't brained up. I didn't have a life.
I didn't do anything else. I quit playing video games. I didn't go to parties.
I barely dated my girlfriend. Like I literally did not have social life, dude. Like I, I sacrificed a lot and I wasn't, I wasn't having any fun.
Like I would, like I said, barely dated my girlfriend at the time. And you know, I'm single now because of that, because I spent too much time in my career. I didn't, I didn't focus on her.
And that's something that that's why that relationship failed guys. So there was sacrifice that that was made here. It wasn't just like, like when you see me getting certifications, it doesn't come easy for me.
I'm putting in serious work. So keep that in mind. So after I passed EJPT, by the way, I did let EJPT expire a few months ago.
Don't need it. It's a junior pen testing cert. I have like three other pen testing certs.
I didn't need to renew it. So it's the first and only certification I ever let expire. So after EJPT, I immediately wrote in the OACP.
This one was a huge mountain to climb, but I ended up passing the OACP in like 87 days, which is very fast. But again, guys, three to five hours a day after work, eight to 12 hours a day on the weekends, OACP took me 400 hours. I crunched 400 hours of study time in 87 days.
Okay. That was like, that was a huge sacrifice. Like it was a point.
And by the way, we talked about is my most watched podcast episode. It's called what it really takes to pass OACP and what they don't tell you featuring Trent Miller episode number 20. My most watched podcast episode.
So if you want to understand like what the sacrifices are, watch the episode. I'm not going to go to it anymore. Cause I'm already kind of running out of time in this episode.
Again, back to that question. Why change anything? No OACP at the time, I thought it was a golden ticket to pen testing. Again, that's another episode that we've kind of debunked that it's not a golden ticket guys.
So that's episode number 65. I talk about why you can't get a job after passing OACP at the time, guys. I thought OACP was a golden ticket and it absolutely helped me land my pen testing job, by the way, but it's not a golden ticket.
Like we thought it was, I thought it was at the time, but now in hindsight, it's not, and I mean, I still got my pen testing job. We're going to get that later, but it's not a golden ticket. Like I said, episode number 65, you want to know why it's on a golden ticket and like what you can do about it.
And then someone left a comment. So I wasted 1800 bucks on OACP. No, did that person ask that question? No, you didn't waste your time.
You didn't waste your time or money. Like OACP is still worth it. By the way, I would still recommend that over all the other certifications for pen testing, because it is the most in-demand pen testing certification on the market.
And that's why I decided to pursue that one or the other ones. So then after OACP, I immediately went into the OSEP, the offset experience professional. So that's, that's pen 300.
It's the father of, of OACP. It's harder. It's more difficult.
You got to bypass antivirus and it's, you got to be a little more stealthy because there's no antivirus on, on the OACP. So I started going through that. I don't have that certification by the way, never took the exam and we're going to talk about that a little bit later, but in August, 2023, I finished my bachelor's degree and then one month later in October, 2023, I started my master's degree in cybersecurity management policy.
So immediately, as soon as I could roll from my bachelor's to my master's program, and then in October, 2023, I started my skill bridge internship for those don't know. That is a transition period that helps transition service members into the civilian world. And I was interviewing for a bunch of jobs and ended up landing an internship with a pen testing company.
And if you want to learn more about that, I do have a blog post about that and how I landed my skill bridge internship for you, military service members who are looking to get skill bridge, just follow my advice in that, in that blog, but that was a very hard thing to accomplish by the way, because there was no pen testing specific internships. I basically had to create my own. I had, I basically applied to every pen testing position that I saw.
And in the interview, I'm like trying to convince them to turn it into an internship. I was like, guys, like, you don't have to pay me. Like the military is paying me.
Like it's free labor. You get a free trial run of me. And then if I work out, then you can hire me full time.
If I don't who cares, you know what I mean? You can say, see, like, you didn't spend a dime on me. You just got to do some paperwork to get the skill bridge. And it's exactly what I did.
So it worked out because I got real pen testing experience before I even left the military consulting, by the way. So it wasn't like your traditional, it wasn't like an internship, like where you get people coffee. Like I was doing serious pen test work, pen test work, by the way.
Again, ask that question. Will I change anything? No, I mean, that internship was paramount to my success of landing my first pen testing position. But while I was in that pen testing position, great people, by the way.
I don't want to talk bad about them, but I felt like it wasn't the spot that I wanted to be at. I just, it just felt off to me for various reasons. I don't want to get too too far into it, but it just felt off.
So behind the scenes, I was looking for some other positions, ended up finding a senior penetration tester position, and I accepted a job offer in December, 2023. This is five months ahead of my military separation. So this is like, like great.
Cause you don't normally, you don't get that, you don't get that assurance coming out of the military. Most people don't find their jobs to like tail end because companies don't hire that far out. So the fact that I found it, not five months, it was like four months ahead of time, cause it was, it was at the very end of December, but yeah, four, four and a half months ahead of time, huge deal.
I was like, man, I got the job out of the military. Like we're good. Senior pen tester, by the way, it was like, how do you go straight from intern to senior? I somehow did it, but I wasn't going to question it.
Super excited about the opportunity. So, you know, I'm still going through the OSEP. I decided that I'm not going to get this because for two reasons, this is very difficult, OSEP is a very difficult certification and because web app pen testing, I didn't realize how important it was, I needed to get some web app pen testing skills.
And because I felt like web app pen testing skills is more important than advancing my network pen testing skills. I decided to pursue the OSWA, that's Offset Web Assessor. I started going through that course.
Unfortunately, I realized I wasn't going to get that before my Offset Unlimited expired. Now, this is one of the regrets I have, by the way, when I decided to get the OSEP, I subscribed to the Offset Unlimited. And for those who don't know, that's literally quite, quite literally unlimited.
You get all their courses, all their certification exams for a full year for at the time in February, 2023, it was $5,200. And I think they gave me a little bit of a military discount. So I think it's like 5,500 bucks.
And then they gave me like 300 bucks off to give me a military discount. Shout out to Offset for giving me a military discount. But I ended up spending $5,200 of my own money for Offset Unlimited.
And my goal was to get four Offset Certs in a year. Cause it's like, well, if I crank them out 90 days, 90 days, 90 days, 90 days, I can get four in a year. And even if I get three in a year, it's still going to be worth it.
But if I get less than three in a year, like I'm going to be wasting money. And guess what? I only got two. So I did waste a little bit of my, that is one of my regrets.
I don't recommend getting Offset Unlimited. I don't recommend spending $5,500 on Offset Unlimited. So if I had to redo it, I would rather just do the learn one subscription for like 2000 bucks and then go through the OSEP that way.
So lesson learned there. But my Offset Unlimited was expiring and I only had a couple of weeks, a few weeks left and I was like, man, there's no way I'm going to get OSWA certified before this expires because I spent so much time doing OSEP already. And I went through the OSEP twice and I was like, I need to do OSWA.
There's no way I'm going to get it in two months. And so I went through like 80% of the course, realized I wasn't going to get it. So I pivoted with my last remainer, remaining time, my Offset Unlimited decided to go for the OSWPS Offset Wireless Professional.
And that is all about Wi-Fi hacking, Wi-Fi pen testing. Don't regret doing that at all because it was a fun start to do two weeks. It only took me two weeks to do.
And I actually have been, I've actually done two real world Wi-Fi assistants, so it did come in handy and my real world worked. So definitely glad I did that. I do regret getting Offset Unlimited because I only got two Offset Certs a year.
So I wasted literally a thousand dollars over 3000 bucks doing Offset Unlimited. But even though, even though I regret doing it, guys, guess what, guess what your boy did, guess what your boy did as soon as Offset Unlimited expired. I subscribed again.
I spent another $5,000 on another year of Offset Unlimited. Now they, they asked me if I wanted to renew it. I was like, I was like, man, I don't want to spend 5,200 bucks again.
If you're going to give me, if you want me to re-subscribe Offset Unlimited, I was like, I'm going to need, I'm going to get, I need to get it less than 5,200 bucks and they're like, the best I could do is 5,000 bucks and I was like, all right, I'll do 5,000 bucks for Offset Unlimited again, even though I didn't make the first year count as much as I should have, I was like, you know what? We're really, really going to lock in guys. That's what I'm telling myself. I'm really going to lock in Kaiser.
We're going to get four Offset Certs in a year and we're going to do it. That's what I'm telling myself. And at this point, guys, I'm $10,200 into Offset Training Points.
Oh my goodness. And guess what? Guess what I ended up accomplishing with that Offset, second wave of Offset Unlimited. I got one cert, one cert.
So it was a huge waste of money. Well, I don't know if it's a huge waste of money because as I started going through the OSWA and I failed off OSWA three times past my four tries. The reason why I was able to do it so many times is because I had, it's quite literally unlimited.
So you can take the certification exam as many times as you want. You just got to cool down period. I think the first time you fail, you got to wait two weeks.
The second time you got to wait like three weeks and every time after that, you got to wait a month. So it's not like truly unlimited, but like you can, you can literally take an exam every single month if you want. So because I had a limited, that's why I didn't have to spend any extra additional money on OSWA, but I did quite literally spend $5,000.
On OSWA, not worth it, not worth it. But I have no regrets guys, because that's, I mean, if I could change it, I definitely wouldn't spend $10,200 on offsite training. I could have got the same results with like a few thousand bucks, but I made all my money back my first pen testing role anyways, guys, like it's, it's over six figures for your salaries guys.
And I talked about my salary in the last episode, episode 76. So you're going to know about more about my salary, my last role at watch that episode. But you quite literally, so I've, I've spent probably $15,000 in my own training and that sounds like a lot of money and it is a lot of money.
But when you lock, lock in a six figure job, guys, you make that $15,000 back very quickly, like very quickly, assuming you're, you know, staying debt free and you're, you're taking care of your finances and you're just not blowing your money on like everything else, like, like other people do. You can, I didn't go into debt for these certifications, by the way. I paid cash for all of these because I was diligent with my finances.
Like I took my air force paycheck and I saved it up. And then I guess more importantly, I was putting my money into crypto. And I actually, that's how I paid for my offset and limited the second time.
I sold like $5,000 in crypto because I was making a lot of, because crypto was booming back then. I don't know what it's doing now. Cause I'm out of crypto, but at the time it was booming.
And I made some money on crypto. So I put it in my, into myself. Best investment you can make, by the way, best investment you can make.
People, people complain about the cost of all these certifications guys. And if people think like, oh man, it's so expensive. Yeah, it is expensive.
But like I said, if it helps you land a six figure job, it, it pays for itself within the, like within the first quarter year, like you're going to make all of the money back, no joke. And you don't got to spend $15,000. Like I did.
I was, I made some dumb decisions by doing offset and limited back to back years. So don't, I do not recommend that because no matter how locked in you think you're going to get, there's life, life happens. Guys, life happens.
Like I was locked in for OSCP guys, but as soon as OSCP was over, the military sent me to Japan for a couple of weeks, I mortal combat one came out. I'm a huge Mortal Kombat fan. So I took some time off to play that game.
I had to focus on our relationship with my girlfriend at the time. I did some vacations with her and I was just kind of enjoying life. You know what I mean? And then at the same time I was going through this military transition and I. I had to focus on suffering out of the military, which is a huge deal for anybody that's kind of military.
Like, you know how hard that is. It's not like you just put in a two week notice and you quit guys. Like, it's not like a civilian job.
I get, it takes a lot of work and effort. Like you got to go through literally 50 meetings and sound like hundreds of papers. Like it's, it's crazy ordeal and you got to be on time.
You can't be late. If you have the one, one box not filled out in your form, they turn you away and they're like, come back next week. You're like, dude, what? Anyways, enough of that rant.
So yeah, the, the, the moral story here, guys, is if you plan on being locked in for a year, like you can't really plan that because you don't know what, you don't know what life's going to throw your way, like anything can happen. Like your, your car could break down. You can lose a family member.
You could lose a pet. You could have to move. And I had to do that by the way, because me and my girlfriend up end up moving across town.
And then we ended up breaking up and I moved back to Ohio. So it was like all these life events happened to me guys. And like, I couldn't stay locked in the off six days.
Like I wanted to. So anyways, moving forward, I failed the OSWA the first time in March or April, 2024. I can't remember exact month, but it was March or April, 2024.
And then in March, 2024, that job offer for the senior pen district got revoked, they said like the client canceled on them or the work got canceled. So they revoked my job offer. So I had to go back and do another job search.
I'm right before I got out of the military, which is really crappy, but ended up finding a job in a month. April, 2024, separate from the military, May, 2024, 10 days later after set military separation, I started my, my first full-time pen testing job, which was my last role. And then on that day, I accepted a job offer.
I failed OSWA for the second time. Didn't really care about failing because I literally just accepted a job off for my first pen testing job. So I was super happy and I spent more time signing the paperwork for my company than I did on my actual exam.
So I didn't really care about failing it the second time, especially it's a off-second limit. I was like, we'll get it next time, but I had to take some detours. So as soon like, I was like, okay, we'll take OSWA again.
I was like, oh crap. Guess what? Guess what's going on now, guys. My CCNA is about to expire.
I was like, bro, I've worked so hard on that for certification. I am not letting that thing expire. So I had two options go for the CCNP or do a Cisco certified cybersecurity associate decided to go through the Cisco certified cybersecurity associate route because cybersecurity, you know, like back of my hand, CCNP would be very difficult, hard to do.
And this, the Cisco certified cybersecurity associate would be easier for me and it was, but it wasn't, that's a hard certification, by the way, I actually read a book cover to cover, did the video course, did the practice questions. And it was a hard exam, by the way. Passed the first time, first attempt in July, 2024.
And don't regret doing that either because I needed to do something to renew my CCNA. And that was the, that was the path of least resistance there. And then a week after that, I passed the Cisco certified cybersecurity associate.
I took the security X beta exam and I didn't get the pass certification until six months later. I walked out of the exam. I had no idea if I was going to pass.
I did not study for that certification. And that goes back to that guy that's talking to me, that was talking about me brain dumping. Like if I brained up those early certifications, I never would have passed security X without studying.
Like it's that's Pompteia's literal hardest exam. And I passed it without studying for a single minute. So that's just proof that I literally did learn the concepts for all of those certifications.
October, 2024. I failed OSWA for the third time. And then because I failed, I enrolled in the TCN security PWPA.
That's the practical web pen test associate. And I did that course and guess what? Took the exam, failed that the first time. And then I decided to take the OSWA again and not pass it on my fourth try, which is great.
Passed my fourth try in November, 2024. Felt amazing. Gosh, that was the longest certification journey ever.
10, $10,000 later, bro. Four attempts. Like that's why it's my favorite certification of all time.
Cause it was such a hard thing to do. And then three days later I passed the PWPA. So that was the other one I failed in.
Uh, cause I was studying for them simultaneously. I was using the PWPA course to like fill in the gaps. Cause like after I failed OSWA three times, I was like, there's something I'm missing, there's some web app skills that I just don't have, like, where are they? So I decided to take the, another course.
And that's why I was able to get two pretty difficult web app, pet testing search in a short amount of time. Cause like the skills overlap so much. They're essentially the same thing.
And then I was studying for them simultaneously. So that's why I was able to do that. And plus the OSWA was such a long process.
Like it took so long to get, I mean, it was almost an entire year of, of trying to study, study for that past that one. And then, um, I'm going to let you guys in on a little secret cause we're pretty far in this episode. You guys deserve to know a little bit of a secret, some secret sauce.
Man, this is going to be great. I have not said this on a podcast. I have not said this in a video.
I haven't admitted this publicly, but guys around this time. So where are we at here? We're in early 2025 guys, early 2025. I don't know the exact months, but I ended up trying to take the OCP plus.
So I got a whole video on it, but more stories like they came out of the OCP plus. I ended up, I was like, man, I can level my OCP, the OCP plus. Cause I obviously I can limit.
I can take a limited exams. I was like, well, right. Might as well.
So I decided to take the OCP to try to get the plus and I failed at the first time. The first time. Um, so, so it was my second OCP until I passed my OCP on the first try, but then my second OCP attempt, I failed.
It's so funny, but that's what happened. But why did that happen? It's because guys already had OCP at the time. I thought, you know, the first time I was like, that's a golden ticket.
Like I have to do this. I literally quite literally stay up 18 hours. 17, 18 hours doing my first OCP attempt.
Drain me guys. I just focus on a computer screen for like 17, 18 hours straight, taking hardly any breaks. And that drained me guys.
I put in every single amount of effort I possibly could in that exam. And I was not going to lose because I thought it was a golden ticket to my dream job. And I was so hungry.
I would not accept a loss for anything, but my second OCP attempt guys, I already had OCP, right? So a plus really isn't going to do too much for me. And plus I had the OSWA, the PWPA, and I kind of didn't really care too much. So I'm not, I'm kidding.
Like I spent like eight hours on OCP and I just didn't feel like doing it anymore. I was like, I'm eight hours in. I could probably pass this.
If I put in more effort, like if I was hungry, like I was the first time I probably passed it. And I literally was like, I'm going to take a break and play video games. And I'll come back to this later.
I was playing video. I was playing Diablo four. And I was like, man, I don't want to go back to that exam.
I'm having too much fun playing Diablo four. So I just never, I just let the time expire. I didn't even turn in a report.
I was like, can I just care? I already have OCP who cares? Then I decided, I was like, you know what? Let's really focus on it. Let's see if I can get it again. Like, let's see if I could pass.
I really focused on it. So the second, so my third OCP attempt, which would be my second OCP plus attempt. I was like, let's really focus on this.
And I spent, I'm not even kidding, 15 hours on this exam. And I was just tired, man. I was two flags away.
I probably could have got it. If I would've, if, if I would've went 17, 18, 19, 20 hours, I could've got it. But I was like, again, who cares? It's just a plus.
Like I'm tired. I'm like, I'm 15 hours in two flags away. I just, I didn't feel like doing it.
So I ended up failing the second, my third OCP attempt. So pass it my first time, failed it the next two times. Does that mean OCP plus is harder? Not really.
It's really the, in my opinion, the same exam, the difference, the difference in the secret sauce between the pass and the fails is how much do you want it? Like, it's literally that simple because the, when I, when I did the first attempt, guys, I was not going to lose. Like, cause I thought it was a golden ticket in my, my dream job. And you also got to take into consideration.
Not only did I have the OCP plus already, didn't really need the plus. I already had a pen testing job. I was working full time as a pen tester.
I was like, this isn't going to do anything for me. Like I'm not that hungry to get it. You know what I'm saying? So that's the secret sauce.
And if I should make a whole, I wanted to make a whole video on OCP plus and tell you that, but you're going to get that in this podcast episode. And you get that as a loyal listener, as a loyal, loyal one who has been listening to me rant for 40 plus minutes now. All right.
Do I regret trying to do the OCP? No, cause I didn't study for it. I just took it. That's another reason why I feel cause like I didn't really study for it.
I just kind of went in there and took it. And then after that, I decided to go through the PIPA courses to practical TCN security, practical IOT pen test associate as an IOT hacking course. And the reason why I did that was because we had a client in my last role that needed some IOT pen test work done.
And no one on our team had IOT pen testing skills. And I volunteered to do that. And I was like, well, I don't know how to hack IOT stuff, but I know a course that can teach me how to do it.
Actually I have a book on my shelf called practical IOT hacking. So I read that book cover to cover and I took the practical PIPA course, did not, did not take the exam or I did go into the exam just to see what it was. So they give you a free retake.
And I was like, might as well see what it's about. Cause I don't know what the exam is about. And then I was like, once I see what the exam is about, like once I read the rules of engagement, go back and study the course again and then take the exam.
But I never took my free retake cause I didn't really care about getting IOT pen test certified. Really didn't care. Cause it's not my thing.
I don't really, IOT stuff's not, it's not my thing, not my jam. Ended up doing a really good job on the IOT pen testing in the real world though. The client was very satisfied with my work there.
And that course in that book helped me by the way, with doing that, helped me going out with confidence. You don't, that's another thing. Like you don't need a certification.
If everyone says skills over certifications, that's absolutely true. Like I did the course, read the book, had enough knowledge, working knowledge to do good quality work. Then March, 2025 finished my master's degree, which we'll talk about college.
I don't regret doing college cause I didn't pay for it. I used tuition assistance for my bachelor's degree. I used my GI bill for my master's degree.
Absolutely for me, college was worth it cause I didn't pay for it. Matter of fact, once you get out of the military, you use your GI bill. They pay you to go to school.
They give you, they give you a housing, a partial housing allowance to go to school. They literally quickly, they pay you to go to school. So that's, to me, it's a no brainer to go to school after you get out of the military.
But if I had to redo it, guys, I'd pick a different school. Not because my school sucks, but because there's two better options. So I would recommend if you're going to go to school and you think it's worth it, or you don't have to go into depth, do it.
I have a whole video on, on college, by the way, if it's worth it, recommend checking that out. But moral of the story is if you do decide to go to school, I would recommend going WGU or do the Sands Institute College because you get certifications along with the degree. I'm getting a lot of certifications.
I got my degrees, but I'm doing them separately, guys. Doing them separately. And it's split my attention up.
Like why do them separately when you can just do it at the same time. And it's going to save you some time and give you more of a life. So if I had to go back and redo it, I'd pick either WGU or the Sands Institute.
So I can get the degrees with certifications. And then in March, 2025, I decided to take the TriHackMe SAO one. That's the security analyst level one certification.
That one was a free one, right? They said, anybody who has a CompTIA CYSA plus or a Blue Team Alliance. Is it Blue Team Alliance? Blue Team level one, you get to cert for free. And I was like, might as well, right? It's a free cert.
Might as well do it. And I decided to take the TriHackMe security analyst level one. Failed my first try.
Passed on the second try on the free retake in April, on April 1st, 2025. I have a video, two videos on that certification, by the way, if you want to learn more about that, then June, 2025, again, that's back to that question. Is it worth it? Would I do anything differently here? And the last couple of things I said, just looking through my notes here.
No, all this stuff was worth it. I probably, yeah, I'm glad I volunteered for that IOT stuff. I don't even know.
It was kind of a detour of my, what my goals were. It was, it was nice to knowing that like IOT hacking is not my thing. Like I don't regret doing that at all.
By the way, my employer paid for that course, so I didn't, they didn't come out of my pocket. Same thing with PWPA. They, they paid for that.
Same thing for Security X. They paid for that. Cisco Certified Cybersecurity Associate. They paid for that.
Offset, I paid for myself. Oh, what else we got here? I mean, this is a long episode, man. I didn't realize my journey was so long.
In June, 2025, I passed the Cress Practitioner Security Analyst, the CPSA. This certification wasn't something I wanted to do. One of our clients like required it.
They're like, one of your pen testers has to be Cress certified. And we're like, well, we'll see what Cress certifications there are. Saw that there was one called the Cress Registered Penetration Test.
I was like, well, we got a Cress, Cress Registered Penetration Tester for your penetration test. It's going to look really good. Why would we get like the other ones? That's not pen testing related if you need a Cress Certified Professional.
And we started looking into it and turns out that you can get the Cress Registered Penetration Tester if you pass any other Cress certification. If you already have OCP. So since I already had OCP, I could just pass any Cress certification and get Cress Registered Penetration Tester certified.
So that's why I decided to go through the CPSA route because it seemed like it was going to be the easiest certification. And it was, you only need like a 60% of the pass. I didn't study for it, pass it because I passed CPSA.
I also got the CRT and I got two for one exam. They're totally worth it. It wasn't even, that was the only, only the second time in my career where a certification was required.
The first one being Security Plus back in my military days. Absolutely needed to have that one. And then August, 2025 guys started my MBA and I'm currently working on my MBA and I'm glad I'm doing it.
Wouldn't change that at all. And I'm still at the same school and I'll do my full break. Once I get my MBA, once I graduate, I will let you know my thoughts on whether MBA is worth it for a cybersecurity career.
So far, I would say, yeah, just a little bit of a spoiler. I think it is. If you don't have to pay for it, that's a key word.
If you don't pay for it or if you can comfortably afford it. And then somewhere late, mid to late 2025, I failed the PMPT. That's a TCM security practical network penetration tester.
Failed that one. And I just never retook it. Started doing a hide the box CPTS course, never finished it.
I don't regret doing it. Cause I learned some things. I fine-tuned my skills and an employer paid for it.
So it was like, it wasn't money out of my pocket because it's making me a better pen tester. And it did make me a better pen tester, even though I didn't get the certs. That's another thing that you can still learn stuff and not get the certs.
And then in November, 2025, I was let go from my pen testing position. And I'm going to go, I'm not going to get into it here, but if you want to learn that story, check out episode 74, and then after I got let go from my pen testing position, I didn't do jack squat for five months other than my MBA studies and my sec AI plus studies, and this is my biggest regret in my career. My biggest regret in my career is one, a lot of myself being, being let go because it was my fault.
It was absolutely my fault. My destiny was 100% my control. It wasn't like, Oh, I got to let go for no reason.
There was a reason. And I regret allowing myself to take my foot off the gas, get lazy, make mistakes. It was my fault, my fault.
So my regret is allowing myself to get burned out. I talked about it's an episode 74, but because I was severely burned out, I took my foot off the gas. I started letting, letting the ball drop at work and then I got to let go for good reasons.
So I do, I regret, I regret that. I wish I didn't let that happen. And I also regret not doing anything for five months.
And I mean, it's not like I didn't do anything. I was, I was still in school and I did some sec AI plus study. So it wasn't like I was being complete lazy turd, but I wasn't making any content and I wasn't looking for a job.
I was just kind of playing video games, doing my schoolwork here and there. And then towards the end of that five months, I finally started sec AI plus studies. I regret that.
I wish I would've took maybe like two weeks off and I wish I would've started looking for a job sooner. I wish I would've got the sec AI plus sooner because I could have, and I just wish I wasn't lazy turd. But if you think about it, man, I've been working my butt off since I was quite literally 16 years old.
Like I've been employed since 16 years old. I have never had a summer off guys because I played sports in high school. So I've never had a summer off because I was always doing two days for football.
I play high school football guys. I haven't had, I haven't had time off quite literally since, since I was like a second grader, because every school, every summer in school, I was playing football, I was going to practice every day. So I can quite honestly say like, I never took a break.
I've never took a break for this five months. So it makes sense why I did, but I regret doing it. Yeah.
When I was on high school guys, like I would quite literally, I would go to school, get off of school, do football practice, and then do after full practice. Go to work. I worked at a restaurant and I did that.
And then during the summertime, I would do two days for eight hours all day. And then after that, I would go to work. So it was a lot of work guys.
And that's why I have a high work ethic because of all, like even my younger years, like I was always working, but I do regret taking this five months off. But I mean, I was exhausted, man. After all these search studies, content creation, man, I was, I needed to take a little bit of a break and I did that, but I wish it wasn't so long.
I wish I would've cut it out a little bit. And then in May, 2026, started making content again for those you don't know. Um, I, you know, I took a break and here I am again, making content.
And then I started looking for a new role. And then June, 2026, most recently passed the SEC AI plus. And what am I doing now? So last few weeks I've been working on the try hack me AI level one, and I'm probably gonna take that exam in the next week or so, so we'll see what happens.
I'll let you guys, I'll keep you guys updated on that. I'm pretty much kind of given up on the, the hacked box CPTS and the practical network penetration tester, because I'm focused on AI right now and I have pentesting certs, I don't need more pentesting certs and AI to me is the most interesting thing and it's the, the weakest link in my skillset, because I know how to pentest guys, I did it for two years straight in a real world. Uh, so I, and I have other certifications and I've done the hack the box machines.
I've done a try hack me labs and AI. So, so new, it's my weakest skillset. So I had to focus my time and attention there.
So I have, I mean, it bothers me that I'm leaving the CPTS and the PNT PT unfinished a little bit, but it's for the greater cause of me learning AI security. So that's where I'm at now. And you're going to see what that's like going forward, guys.
This has been the longest podcast episode I've ever done. That's kind of my whole journey in a nutshell. And we, we talked about my whole career and 50 minutes here.
So, I mean, looking back at it, guys, I wouldn't change much, plain and simple. The only things I would change is don't spend $10,000 on off-stakes certifications, but I could get a, I could have got the same sort of changes for maybe a few thousand dollars. And I regret a lot of myself to being let go.
I regret making the mistakes I did in my pentesting job. And I regret taking six months off of cybersecurity because it sent me back six months, sent me back six months. And it's time I can never get back.
And I regret, I regret that. So those are the big three regrets. Other than that, guys, if you look at my resume and you listen to this, I would do everything again.
All of these are no brainer. Like there's a reason why I did everything in the way I did them. It was a little chaotic.
It didn't go exactly according to plan, but for the most part, I really wouldn't change too much about my career, except for most recent events, getting let go my pentesting position and then taking that break, but I'm back in my career full steam ahead and you're going to see what I do. So stick around and find out. Thank you so much for watching.
Thanks for hanging out. I hope you got value out of this one. If you're on YouTube, hit the subscribe button, hit the like button.
If you're on audio, rate the show five stars, because I know I just gave you a ton of juicy, valuable content. I think I deserve five stars. Thanks so much for watching.
Thanks for listening. Hopefully I'll see you in the next episode. Until then, this is Kyser signing off.