Cybersecurity Mentors Podcast
In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.
Cybersecurity Mentors Podcast
Interview with Dave Kennedy: The Obstacle is the Way
Join us for an exhilarating episode as cybersecurity pioneer Dave Kennedy, co-founder of TrustedSec and Binary Defense, shares his incredible journey from a curious kid in Cleveland to a leader in the cybersecurity industry. Discover how Dave transformed his passion for technology from dismantling toys to building computers, and how iconic films like "Back to the Future 2" and "Hackers" inspired his career path. Dave takes us through his time in military intelligence with the Marines, where he honed his skills in cyber warfare and forensics, leading to a successful transition into the private sector.
Dave's story is more than just a career path; it's a testament to the power of mentorship, community, and helping others. Get a sneak peek into the unique atmosphere at TrustedSec, complete with a Back to the Future movie artifacts and a TARDIS from Doctor Who. Listen as Dave emphasizes the importance of building strong relationships and fostering collaboration to implement effective security programs, sharing invaluable insights into overcoming the experience gap faced by new graduates entering the cybersecurity field.
This episode is packed with inspiring anecdotes and practical advice for anyone passionate about cybersecurity. Whether it's starting a successful company, creating community initiatives like DerbyCon, or navigating the challenges of a demanding industry, Dave's commitment to innovation and passion for nurturing young talent shine through. Don't miss out on this opportunity to learn from one of the field's most influential figures and discover how emerging technologies like AI and machine learning are shaping the future of cybersecurity.
Welcome to the Cybersecurity Mentors Podcast. Today, we are thrilled to be joined by one of the most respected names in the cybersecurity field, david Kennedy. David is the co-founder of TrustedSec and Binary Defense. He's been a critical voice in cybersecurity, providing expertise and insights to everyone, from Fortune 500 companies to government agencies, and he's contributed both in the technology side of things and just the mindset and what we see in modern cybersecurity. So, david, thank you so much for joining us today.
Dave:Yeah, steve John, thanks so much for having me. A pleasure to be here.
John:Yeah, great to see you. We were catching up before we started and I've been following Dave for a long time, back in the IRC days when I would send him questions about SET. I'm like, hey, man, what happens if I do this? What do we do here?
John:So cool to see you just your career and entrepreneurship and all the cool things you've been doing.
Dave:Yeah, it's been been such a cool journey.
Dave:I mean I never would have thought, you know, coming through through school, high school specifically, and then getting into the military and the Marines and military intelligence, that I'd be doing this as a career.
Dave:And you know, I think for me, cybersecurity is one of those things that you know became more of a hobby and an interest for me and so you know, kind of being able to be my hobby and my career and be able to build, you know, successful businesses off of it has been a dream come true. I've been very fortunate and blessed with that and a lot of great folks along the way that have helped me and continue to help me every day. You know I have great teams here at both my companies but just you know, the friends, mentors, things that I've done throughout my career have been super instrumental to my success and try to obviously pay that back equally as well and help others and get others into cybersecurity and do as much as I possibly can to make this industry for everybody and share as much knowledge and opportunity and everything else. And it's just been an awesome ride. I love it.
John:Yeah, and I've really seen you do that like just give back, continually give back throughout your whole career. Um, we'll talk about some of those things. Uh, first off, I'm just curious, cause I don't know, like, where did you grow up?
Dave:Yeah, so I grew up, born and raised in in the suburbs of Cleveland Ohio.
Dave:still here today. I'm actually in a fair lot of house where trusted tech headquarters is at. Uh, if you ever get a chance to come to Cleveland for some reason, it is a beautiful city but not a lot of folks come through Ohio for some reason. But Cleveland, we've got a really awesome headquarters here. We have one in Fairlawn, ohio, for TrustedSec and then one in Stowe, ohio, for Binary Defense, and our Fairlawn location has a training facility.
Dave:It's got like a hacker mural, hand-painted murals, and it's got like a hacker meal on their mural uh, hand-painted murals, and it's cool because, like, there's like a council there. If you look at the binder, you can reassemble it and it takes you to a ctf where you can hack, trust and second win prizes. And we have a lot of training centers. All of the monthly cyber security groups come here, like uh, isc square, women in cyber security, um, infragard, a bunch of others. Uh, I'll come here to basically have their monthly events, which is cool. And then I'm a huge collector of Back to the Future stuff, so there's a Back to the Future Museum. So I have the original hoverboard that was used in the movie the almanac and a bunch of other props from the actual movie itself.
Dave:So I have a nice Back to the Future time machine type of thing and I also own a DeLorean as well.
Dave:So it's fully converted to the future machines as well.
John:So that's awesome. Your office swag, your office apparel is next level. People are like man if my office is only like that it's so cool.
Dave:Like you know, I literally made the office like a place that I'd want to go into, right, you know like you know we have like a, a nap room.
Dave:If you want to take a nap, it has like a massage chair in there. You can take a nap and get a massage in. Um, you know we have, uh, we built a tardis from doctor who, uh, in the middle of the you know it's a time machine uh, basically in the middle of the, the main floor. Um, you know really cool hacker spaces, free food and drinks and everything else here. Come in as you go. You know we don't have any set. You know hours you have to be at work and don't have to come to work if you don't want to, but we try to make it. You know, nice here, uh, for you, and so it's kind of cool to have, you know, folks that are remote, but folks to come on site and get to see everybody and everything else. It's just kind of a neat place to work at. And uh, you know my room is. You know you can't see, probably from the split screens, but I have a proton pack back here.
Dave:I have uh yeah, some of Batman belt utility belt up there as well. That was used in the movie. So I'm a big computer nerd. Slash 80s, 90s movie, slash TV show nerd.
John:Sorry, let me ask you this. So I showed my son the Cybertruck and the Warthog. If you're going to have a Cybertruck, you have to make it look like a Warthog Warthog. If you're gonna have a war, if you're gonna have a cyber truck, you have to make it look like a warthog warthog, absolutely. I mean 100. Well, it's funny.
Dave:I was on the fence of whether or not to get the cyber truck or not, because you know there's like some negative reviews about it and other things and I'm like, I'm like looking at, I'm like, well, they started diving down and those those negative reviews are just like.
Dave:It's honestly the cyber truck's the most most amazing truck I've ever owned. It's incredible. It's like getting into a spaceship. Every time you get into there, right, you know, it's like this futuristic spaceship and but I was on the fence and I'm like, well, I don't know. But then I saw the Halo skin. I'm like, oh my God. Like, okay, like buy now. You know, I lease cars and my lease was up for my Dodge Ram and I was like, okay, I'm going to get the Cybertruck. And so I put the order in.
Dave:And then there was a company out of San Francisco that makes the wrap for it, the Halo wrap. It's from a company called SS Custom. So they shipped it here. And then I had a local company called Cleveland Wrap, which they're phenomenal Love those folks, amazing folks there Put the wrap on for me and then they uh, did the custom decals and the unsc on it, you know. And then you know united nations space command, nice. And so it's like I'm literally driving a warthog.
Dave:And then, and then on tesla, they have a github page for their light shows. If you've never seen one of their light shows. It's um, you can go into, like the council, and you can hit a light show and it syncs up the music. And so I I use their, their light show creator and I synced it to the halo light show and the frunk opens up and closes and, you know, has the whole light show going, everything it's just. You know it's just. And when you walk away from it, the whole uh vocal, uh orchestra, I think, like the yeah, yeah, but that that halo song, yeah yeah, that goes away as my locking sound.
Dave:I mean it's crazy, it's so much so much fun and it gets so many looks and people are smiling and laughing and you know I get thumbs up you know, you get some people like thumbs down, whatever you know. But you know it's just definitely a head turner. It's a lot of fun, yeah so is this your daily driver yeah, that's my daily driver, yeah yeah, so drive it everywhere.
Dave:Um, it's funny. My, my two boys love it. My daughter is terrified, like, like, like. She's like do not drive me to school in this period ever, with the sound then you're showing up with the sound on right.
Dave:So funny story about that. So so I drive up and I'm gonna play um the halo song as she pulls up, just to kind of embarrass her. But then I looked at her face and she was like, like not having it, like it was one of those days where like I, I'm like I'm not messing with this, I'm not I didn't know, I had to look at death.
John:I've got three daughters. I know that face.
Dave:Yep, you know that face, you know the face. My wife has given me that face many times and my daughter gets my face many times and I know for a fact what I'm, what I, what I can't get away with and what I can't get away with Exactly.
Steve:Exactly, I play the song.
Steve:So okay, okay, yeah, no, that's awesome, that's really cool. So another question we had for you is how did you get into cybersecurity and when you first started, was there anything that kind of drew you in?
Dave:I was really obsessed with computers. I love computers. I remember when I came from a lower middle working class family we didn't have a lot of technology or things like that or nice perks or things like that to have great, racist grade, amazing parents. I attest a lot of my success to them. In the 90s I remember my parents got me a Teddy Ruxpin. The first thing I did was tear the whole thing apart because I wanted to know how it worked. I got in trouble for it because you know like I came to barely for the state ruxpin yeah, but you know, I destroyed it and I just cried it.
Dave:You know so. But I but I always wanted to know how things work. That was like how my brain always just kind of was and I was like how are we going from like electricity to the wall to seeing each other on a screen, like how does that actually work? And I I couldn't, because I couldn't wrap my brain around it. I became more obsessed with that and so I started tearing apart computers, building computers, really get into programming at an early age. I was like 15 years old doing C, c++ and I wasn't really focused on security at that point in time.
Dave:But there was a couple of inspirational movies for me Back to the Future 2, the promise of technology in the future was a huge thing, hence hence me being a huge back to the future fan. And then the movie hackers came out and I was like I think 1996, it was either 94, 96, 96 hackers came out and I and I love the whole like free information, exploration, hacking. So I started like learning more and more about kind of the hacking scene and things like that and I, I I was really bad at at high school Like I. Basically I was like a DF student and I had to go to summer school just to pass and graduate my senior year I didn't walk across the aisle because I was going to summer school just to pass. And I finally got my diploma and I was like, well, school's not the right thing for me, so I'm going to go into the military.
Dave:And I almost joined the army. I was like almost like like about to sign the deadline, the army but they couldn't promise me my, my job, my MOS and um, and they also like the army guy was like kind of disgruntled. I don't think he was really happy being in the army. So I was like, well, I really want to go to a place where this guy doesn't really like what he even does. And so I walk on.
Dave:I see these like and I was kind of an overweight kid, you know, um didn't exercise a lot and I saw these like four buff marines, you know, dressed in charlie's, walking out and I'm like, whoa, those guys are badass, I'm gonna be a marine and marines would guarantee me my mos and I tested extremely high on the, the asvap score, the aptitude test that you go through the military, and they're like you can basically pick whatever you want to, and I was like, well, intelligence sounds cool and I'm like, yeah, you get a top secret government clearance. I'm like, oh man, maybe I can learn about aliens, you know um you know, they're ufos.
Dave:Okay, yeah, it's a funny story. My buddy sean, who's my best man at my wedding, one of my best friends of all time as a kid and still is today, um, I called him up. I'm like dude, I'm drawing, or speaking with him. Like dude, I'm drawing the marines. I'm going to intel. Listen, I call you and I just say yes, and I hang up. There's aliens, all right, and uh, I never, I never called them. So I don't know, I don't know if there's aliens or not, but uh, but what was cool about Intel is I got to do a lot of early cyber warfare, forensics, things like that, and um, that's really when I started homing in on on cybersecurity and really finding kind of my love and passion for and started getting involved in the IRC groups. You know the early offensive security folks that you know they're known more as remote exploits. At that time the Mutz, the head of that that started offensive security, was one of my early mentors, really helped kind of coach me along the way of where I should focus in, and I attest a lot of my success to Mutz. He was a really good mentor of mine. He's the one that's like hey, pick a Python, here's how you do this here. You do that Real amazing individual.
Dave:And there wasn't a lot of information out there. There wasn't a lot of schools, places to learn. You kind of had to explore on your own. The industry was so new. You had DEF CON that was just coming up out of Vegas. It was small. You're talking maybe 1,000 people, maybe 500 people, the 20,000, 30,000, whatever it is now today.
Dave:Um, and so very early on in the industry, you know, cybersecurity was just getting established and so I got to do a lot of that in the military, um, I did two tours in Iraq, um, for intelligence related missions, but mostly for cyber warfare activity, which was really neat, um, so I had a lot of training, a lot of experience, and really started homing in on that being my career, uh, and really having a lot of passion for it.
Dave:And I can't talk a lot about what I did in the military, um, but I can tell you that I helped design, you know, a multimillion dollar system. I was that essentially the lead on the system that built this multimillion dollar system. Uh, that was classified and I was 21 years old at that time and I was like this is the coolest thing ever, you know, like I'm 21 years old and I'm building this super secret cool program. You know it does some cool stuff and you know it. Just it was. It was really high speed and fascinating really early on in its time and then when I decided to get out, I knew that cybersecurity was where I was going to land in the private sector.
John:Very cool.
John:Yeah, yeah, mutts I haven't followed. I guess I think he's kind of moved on or he's moved on to greener pastures, right, but back in the day I would follow mutts and stuff. How did you guys connect, like what? What was that connection? And how did he? I guess, how did he take you under his wing, because I always thought he was a cool guy yeah.
Dave:So you know, what was? What was cool with with remote exploit is like so if you look at offensive security model today, which was like the try harder right that that actually kind of birthed out of, out of remote exploit, and it was a, a concept where like and this is something that we don't teach very well today I don't think, uh, which is there? There's tutorials for everything, but there's not tutorials for everything that you're going to run into as an attacker, right?
Dave:right if you're, if you're on offense and defense, so you know you're going to run into situations that that you've never experienced before and there's no tutorial on, and you have to figure out a way around a circumvention of techniques or a way to get around a security control or a creative way of bridging multiple things together. That's not going to be on a book, and so the creativity aspect of cybersecurity is really important. So understanding how things work hence where my brain goes and being able to take that and break it down and get around that and how those things work to circumvent it Right. And you know, early on in the remote exploit days, that was their try hardest thing was was, hey, you know someone would come in and be like, hey, how do I get this, you know, driver to work, to go into into promiscuous mode and monitor mode, to be able to do, you know, a PCAP captures, and there was, you know, already, a thousand tutorials on it. I'd be like, did you even read any tutorials to try this? Well, no, I just want, I just want the answer. Well, no, no, try harder and come back If you run into issues. You know we teach you that, and so you know I started my early days in IRC homing around that group and you know, at the time Mutz was creating a distribution called Wapix which was a competitor to Auditor at that time the Auditor's security distribution, so Linux distribution, which is now what we call Kali Linux.
Dave:And so, you know, I started helping a little bit with that and doing some work for Mutz on that, you know, like he would have certain tasks or things. You know maybe he needs a driver pass or something to do. So I started getting more and more involved with a remote exploit team, kind of helping out and becoming, you know, part of the group and eventually became an op in there, a moderator, and then kind of became part of the team. And you know, it took years but Mutz was always, like even before, like before he knew who I was, we we knew who I was, we, we felt a really great friendship together. He was always helpful, always answering questions, super smart, individual, one of the smartest people I've ever met, um, and so, uh, you know, just just a kind person. And then the people that he surrounded himself with was very much the same, right, so it was a community of people helping each other learn and explore things and the try harder mentality of being able to dive into things that hadn't been done before in that industry.
Dave:And eventually Wapix and iWax became Backtrack Linux, which eventually became Kali Linux. So I was on the Backtrack development team, helped with maintaining packages, updating things, and I also helped with the migration of Millworm at the time to XSplitDB. So Stroke decided to get rid of he didn't want to run Millworm anymore and so I worked with stroke to copy essentially Millworm's database over to exploit DB. We redesigned exploit DB and I was part of the exploit DB team and so it just kind of became part of that group. You know, early on before it ever became offensive security.
Dave:And then Mutz decided to start offensive security, the training, certifications. I helped with some of the aspects of that as well. So the reporting element there I helped build the first report. They had it right for offensive security and then kind of the reporting requirements. That was an important piece. That certs were missing was hey, you could do all this cool technical analysis, but could you report it and actually communicate it? And so OfficeSec was really one of the first out there to one do the hands-on exploitation labs as your cert but second also to be able to have the red report and get that graded to actually pass the test, which is really cool. So, uh, that's kind of how that all started.
John:Yeah, no, that's. That's cool. I think some of that like lessons learned there are just helping others and and being okay to ask for help Right and seeking help. That's so important. You hit it right in the head.
Dave:John, like you know, I learned so well from other people and back and forth. It's reciprocal. There's so many brilliant people in this industry and there's so many new people that are coming into this industry that are brilliant. I don't take anything I know for a grain of salt. I'm always trying to learn, or learn things differently or do things better, more efficient. So it's that community aspect of this industry that I really love and their openness and willingness to share, to collaborate, to help others. That's really what drove me into my lot of success and who I am today was because of those folks that I met along the way.
Steve:Very cool so no, thank you for sharing that. So I think now you know your experience in the military. You kind of talked a little bit about that. What was it like when you left the military and you're, I guess, going back into the civilian world and and how kind of how you, how was the how was cybersecurity still a part of your life once you left the military?
Dave:Yeah, you know, I, I attest a lot of my success to the Marine Corps too, the, the discipline, um, my life experiences, you know, going my life experiences, going to war at an early age. You see things and experience things that no one else in this world typically has, and you get to see the most horrible situations, to some of the craziest situations. To be part of an actual invasion, of a war and to see an entire country fall and crumble. That's an insane experience that puts life into perspective for you. And so you know, my outlook on life is that, like every, every day, that I am living as a gift and I try to help others with that time that I have on this, this earth. And, and so I think you know, when I, when I got out of the military I didn't, you know, cybersecurity again was still very, very young and there was a couple of small consulting shops that were just kind of starting off like in guardians, for example, I joined a company. I ended up joining a company called secure state and it was a, you know, a very small boutique company in Cleveland Ohio. I think they had like five employees at the time and you know I joined as one of their. They came in, I think, as a staff and I remember it was interesting because I was so nervous because I hadn't worked in the private sector before, I didn't know the private sector at all, I never consulted before, I never spoke in front of an audience, I never spoke really in front of anything else. I was getting orders taken and I remember that when I was kind of in the last final stages, a few months before I left the military, they had a security engagement for me to write these what, what are called msbs minimum security baselines and it's like basically like a, a checklist of things you can do to secure or harden, you know, your servers and infrastructure, things like that and they're like, hey, and you're not starting for like another month or so, but you know we're overbooked right now. Do you mind working on these things? I'm like absolutely sure, send it over. And I was so nervous because I wrote these cbt. I did so much, uh, so much like research, you know, and built out these MSBs, and I was so nervous about sending it. I was like I remember sitting in front of the you know, the outlook screen getting ready to send this. You know, all these, these MSBs that I worked on had no guidance whatsoever. I just, you know, I had like literally a cover letter and that was it.
Dave:No-transcript, honestly, is probably one of the most challenging and difficult things you can do, because you are continuously traveling. Typically, you have to learn completely different environments all the time and their problems, right, and complexities. Nothing's ever the same. You have to learn technologies that you've never seen before and you have to be an expert in it somehow, and you know you have to do all these different things. You have to speak in front of people, and so you know, I learned very quickly how to go into a situation, learn things at a rapid pace, learn from others, learn online research things and to become a subject matter expert in that short period of time to be able to do the assessment or work that I needed to do.
Dave:And on top of it, I started doing speaking engagements. I remember the very first talk I ever gave was at this local event here called the Information Security Summit, and it was more of a chief security officer type of know, a higher level con, and I was definitely not a higher level type of person. I was very technical, uh, and still am, you know, and, and I remember I gave the uh a talk and it was all technical on cracking uh web encryption at the time and and I was getting into like the bits and bytes and like packet injection and I had like this access point set up and all these people in the audience are like what the hell is this dude doing? Like, oh my God, like this is crazy. You know, like, and and so you know, I started to learn the audience a bit more and get better. You know different presentations and things like that. I started speaking more and more and becoming more, you know, acclimated to that, to who my audience was and things like that, and learning from that.
Dave:And then, you know, eventually I decided to leave and I became a what was called a regional security officer or an RSO for Diebold, which is a fortune 1000 company, manufactures ATM machines, and eventually became the chief security officer there where I ran their entire security program. And so I was one of the youngest VPs in Diebold history. I was 28 years old and became their, their vice president and chief security officer of Diebold, which is called running a team of 55 people global, and we did some amazing things there and it's funny because, you know, I think the consulting side is one perspective and you can do a lot of things from consulting. But until you actually work for an organization you have to interface with various business units and all the politics and the approvals and change control and all this other stuff. You don't really know the level of effort that it takes to build a security program. And you know, one of the biggest keys to my success at Diebold was I was friends with everybody. I was friends with IT I was friends with operations folks.
Dave:You know, when we would make decisions for security, it was joint, collectively. I made sure it was communicated extremely well. I'd buy pizza and beer for the IT folks if I had to, you know, if I messed something up or they were working late at night for something I was doing. I was really focused on building relationships and those relationships eventually led to my success there building an amazing security program with an amazing team and getting the funding that I needed to do the right things. And I'll tell you a funny story. I'll tell you two funny stories. These stories are my favorite.
Dave:So we were implementing this technology called ScanSafe, which eventually got acquired by Cisco, but ScanSafe. What was unique about them was my big focus at Diebold was manufacturing company right Shop floor plans, things like that. So a lot of legacy. It's going to take a long time to secure that. It's going to take a long time to secure that. So how can I? You know, while I'm working on my vulnerability management program, asset classification, everything else, how do I secure as much as I possibly can more quickly so that all these other programs can kind of come into place?
Dave:And I was looking very heavily at egress filtering. So how do I stop all outbound C2 communications you know from happening? So getting initial access and then, you know, establishing access through there and most companies really hadn't focused on egress filtering at all, like it was an open outbound. It's still to this day is very, very similar, so you can get out. You know a lot of ports and protocols 5321, 80443, 8080, whatever. And so ScanSafe was interesting, because if you had the ScanSafe agent on your computer it would proxy chain up to whatever port you wanted to, directly to the scan safe servers. Do do SSL termination. You'd break that connection and then you can inspect the traffic. But also it would shut down all C twos.
Dave:So my goal was to block all egress filtering across the entire organization, which, if you know, if you know a fortune 1000 company, that takes a long time, right. If you're gonna block all ports and protocols, that's not an easy fix, right. If you're going to block all ports and protocols, that's not an easy fix, right. But I had a lot of friends in it and I was like, listen, can we find some, you know? So there's there's a thing called change control, right. So we've we followed, you know, a very specific change control process. We had a change advisory board, you know, change control board, all this other stuff, and is it, was it ITIL? And we yeah, board all this other stuff. And um, is it, was it itil? And uh, we yeah. And so we uh, uh.
Dave:I knew it's gonna be a lengthy process. I had to go through approval. So I went to one of my network engineer buddies. I'm like hey, can you find an rfc that has to deal with like anything, protocols, I mean, can we tuck this changes in here, make these sweeping changes across the entire organization, and you know which is going to break inevitably the entire company, probably. Um, and my old buddy's like nah, man, listen, there's not enough pizza and beer that's gonna get me to do that.
Dave:So I went to one of the more junior guys and I was like hey buddy, hey buddy, one of the new, new network engineer guys. They didn't, didn't know better, didn't know better.
Dave:Yeah didn't know better and I'm like, hey, can we find an rfc? It does. He's like, yeah, but he's like it's probably gonna break stuff. I'm like I know, I know, but but how long is it going to take to fix? He's like, oh, it'll fix quick, but it's going to break stuff. I'm like, okay, like just, I'll take the heat, I'll take the political blowback, but can you go and do it? He's like, sure.
Dave:So we implemented ScanSafe literally in like a week and we broke our entire manufacturing process for a day and but it wasn't bad because I knew the head of operations listen, man, we're trying to fix this right now. We'll get it. And it was totally cool. No political blowback. But we were one of the only companies that literally had no egress ports whatsoever. You couldn't get out 21, 22, 53, 80, 443. Like your shells just didn't work in our environment period, and so like that one sweeping change gave us so much time and flexibility to kind of focus on a lot of the other efforts to make things work. So you know, it was a lot of fun and you can get away stuff.
Dave:Like I remember one of my Defcon talks. I gave a Defcon talk at the Penn Teller room and it was like 6,000 people in the audience okay, 6,000 people in the audience watching me right, and I found this bug in SCCM that would allow you to patch SCCM so that it would patch your entire company with malware. So you could use the software with SCCM to deploy your C2s, your malware, whatever you want to do. So I was live on stage and I passed our SCCM servers at our company a global fortune 1000 company live on stage and had 20,000 shells raining back on the with heavy metal. I had like a lighter and heavy metal and there's like shells flying around.
Dave:You know I'm like this is amazing. You know being able to do fun stuff like that. You know it's again, it's a hobby. It's a hobby, it's fun, I'm trying to do the right thing, no matter what. But you also got to kind of figure out like what you can kind of get away with to push security to a new kind of height within an organization. You know politics, everything else, so I learned a lot throughout my career. You know how to work with people, how to liaise on people, how to make friends, and then ultimately, you know, have their back, no matter what, and really be successful with it.
John:Yeah, just a couple of things there. I was just making notes. So, standing out like I think um, people get hung up in it doesn't take a lot to stand out, right, if you do that, you know when you're talking about those, those the um I forgot what you call them, but the reports that you sent back yeah, if you do the extra effort to put, to put the effort in and actually care about what you're submitting to put out there, people get it. And actually care about what you're submitting to put out there, you people get it and they're like, wow, this is amazing because it doesn't take much. Unfortunately, it doesn't take much to really stand out because you care and you put that effort in um, so that was everything everything, everything, I've always done.
Dave:You know I, if you ask my wife, uh, any anything, if I get into something, I am I never, I never just go in a little bit, I am all in on everything, like no matter what it is like I'm 130 percent into whatever that is so like health and fitness.
Dave:Thousand percent into that right. You know I got into airsoft and I'm like I got combat gear now with gas blowback guns and tracers and everything else you know and I'm like you know, you know, shooting these little kids with airsoft BBs. You know that have never been in military before you know whatever. I'm in, I go, you know all in on it and it's the same thing with with cybersecurity.
Dave:And that's why if you want to be successful coming into cybersecurity, give it everything, like you know. I'm not saying you know, know, don't, don't sacrifice, you know your, your life, your family, your health. You know you got to have that right. But but make cyber security like your hobby, things like do and go all in on it, and that, that spark is what gets people the success in this industry. Like when you mentioned the minimum security baselines. Like if I was on a customer gig and let's just say, um, you know, in consulting I might be running two projects at the same time and maybe I only had 40 hours on one engagement. Well, if I wasn't done with my engagement, I would work at night and not and not document my hours to make sure that I did the quality of work that it needed to be done, to make sure that customer felt good with the work that I did. And I did everything I possibly could to make that the best Right. And you know I was always the top consultant build. You know, billable wise, I'd I'd run like 170% utilization, which is crazy, you know. And I'm not saying do that again. The burnouts are a real thing, but I could handle it and I was trying to make a name for myself and my career and at the same time, you know, I was on the exploit DB team, I was writing the social engineer toolkit and good things happen.
Dave:And keeping humble, learning from others, helping others. You know I'm a huge advocate that there's this, this energy that we all have, and that energy can be negative energy, it could be neutral energy, it can be positive energy, and I'm a firm believer that if you you live your life in a positive energy sense of that, you know of helping others, um, you know doing good things for other people that that good energy comes back to you as well. And so you know that's really the biggest thing. It's just good energy. Create good karma creates good karma. Um, and that's how I've always really tried to run my career is is always being thankful for the folks. Uh, people are taking the time out of my day. You know, if you don't, even I'm busy to speak to folks, to mentor folks, uh, to do whatever I possibly can to help somebody out that's in need. Um, that's just always been my motto and it's always worked for me.
John:Yeah, I think to make having fun right. Obviously you're talking about things and you're having fun, like there. It may seem like that's the same. You know you can. You can get bogged down by all the things you have to learn and all the things you have to keep up with all those things, but there's always a way. Even some people like when I looked at the CISO job, I was like this is going to be so boring. I'm going to be like just doing meetings all the time, which I do have to do meetings, absolutely. But I'm also the CISO, so if I want to do jump in and get my hands dirty, I can jump in and get my hands dirty, absolutely Right. I wish it was actually Chief Hacking Officer, because that's the coolest title ever. You know when you run your own companies.
Dave:you can give yourself whatever title you want to Exactly.
John:But there's definitely ways to find ways to keep it lively. Have fun, right, Be that person.
Dave:Well, you know, I find, for me, like so, so now I run, you know, two cybersecurity companies. I have probably eight or nine other businesses that aren't necessarily in cybersecurity, um, you know. So, like serial entrepreneur, I guess at this point, uh, love creating businesses and doing things that I enjoy doing. So, like, I have a basketball training facility, um, that augments technology and for kids, you know, and, and the reason I built it is because my, you know, there wasn't anything around here. My kids love basketball, so I'm like, well, hey, I'm going to build a training facility for kids and my kids will get to enjoy it as well. So, you know, like you know, I find what I like to do and I go on and on it. And I think the biggest thing for me, like running two large cybersecurity companies, and why I'm still having so much fun and excitement, is I get to see so many brilliant people come them and I get to hop on engagements whenever I want to.
Dave:I'll tell you a story of of one of our consultants that came in and his name's Luke and it's an interesting story about success and kind of getting into this industry. So we had a we have a contact us page on trust a second. I still get those emails too, like my marketing team gets it and everything, but I still see the emails coming in. I want to know what people are saying about us or asking questions on it. Maybe I can help out, right. And so, uh, we had, we got a message from from Luke's at the time fiance and she said hey, my husband's really interested in cybersecurity. He's a web developer, um, but he's doing like CTFs at night and just wants to know. You know, I was wondering if somebody from um trusted sec would speak to him. That you know talked about how he can kind of bridge over into cybersecurity, um, you know, and learn more. And I was like you know, sure? So I looked at him. You know, like, sure, I'll, I'll be happy to speak to Luke. And so it was a surprise, and, um, and so we hop on this Zoom call and his fiance is on there. And then Luke gets on and is like, oh my God, it's like it's Dave Kennedy. He's on this call. What's going on, you know? And?
Dave:And so we start talking through and you could tell Luke had made cybersecurity his hobby because he was doing capture the flags. You know, he was online publishing code. He was learning all about it. He was giving everything he possibly could because he loves cybersecurity. He loved web development, but he knew cybersecurity was his home right.
Dave:And so I started talking to this kid and I'm like man, he's actually really smart and he already knows a lot of cybersecurity. I'm like, well, why don't you talk to our head of software security, scott White? And so I was like Scott, just talk to this kid. He seems like he'd be really good and we're always looking for application security folks. You never know. And Scott talks. He was like, oh my God, this guy's really good. And so we ended up hiring him off of that Right and he comes in and literally, you know, within a year he gets promoted to a senior security consultant. He's one of our top you know application security folks. He's you know cybersecurity is his career and he's one of the top folks we have here at TrustedSec.
Dave:So, you know, it's like it's like that type of passion you can't teach to people, right, if you have that passion and that drive, you will be successful in cybersecurity. But you know, here's the difference. Like, college degrees are great. I love them. I'm so glad that we have cybersecurity training courses that are teaching kids how to do cybersecurity, but if you just have a degree, does that differentiate you from everybody else? Well, no, not necessarily, so you have to go above and beyond that other person has a degree as well. You know, doing ctfs, publishing github pages doesn't have to be anything revolutionary, doesn't be like, hey, you found a massive kernel zero day, and also, it doesn't be like groundbreaking material, but things that you've learned, your experiences are unique to you, and if you struggle with something, by you publishing that blog or publishing that code to make things easier for somebody else, that shows commitment, that shows hobby, it shows you figure things out and that will differentiate you from other people in this industry.
Dave:And I want to hit on one of the biggest challenges that we have in cybersecurity today. Like, to me, this is the most fundamental problem we have today is that, you know, they always talk about how cybersecurity needs so many people to fill, like there's like a deficit of like 700,000 jobs in cybersecurity, right, well, that may be true. I think that that number is a little bit overinflated, but I think what, what? What they're saying, though, is they need qualified people today that can fill those roles, that already have experience to do those positions. So, whether that's detection engineering, threat hunting, incident response, detection engineering, threat hunting, incident response you know offensive security, you know penetration testing whatever they're looking for experienced people already.
Dave:So a lot of kids coming out of college are in this really interesting gray area where they have, you know, the foundational components to be in cybersecurity, but they're missing that experience gap to be able to have that applied learning, to then jump into a position that's already looking for a position. To be able to have that applied learning to then jump into a position that's already looking for a position. So we need to do better to fix that in this industry, to have better internship programs, and that's what we started creating here at TrustTech. We have an internship program here and I can talk a little bit more about that.
Dave:We built a cybersecurity program for a poverty stricken inner city school here in Cleveland where we built their K-12 cybersecurity program where they basically go through three years of high school training that helps them get scholarship opportunities to go to college and get those, or directly into internship programs here at TrustedSec, and so we got to be able to bridge that gap of experience and I really implore a lot of companies to have those internship programs to develop these kids, because I would tell you, these kids that are coming out of school today are so much damn smarter than all of us. You know, they're immersed in technology, they understand technology, they're way faster at learning than we were, they're doing things in a different way that we didn't think about, because they have other tools and technology, or they're leveraging AI in a different way. You know we have to foster that, that creativity coming into this industry, and it's a big problem that we face today.
Steve:Absolutely. I agree with you 110% and that was a cool story. You show you, you you shared there because we have seen it. We have been trying to hire a full-time SOC analyst multiple times and we end up going with someone who has zero experience. But you can just tell, like they've been building a lab, they've been doing try, hack me stuff. They I mean they are living, breathing cyber security and they may be working at amazon delivering packages just to pay the bills, but they're trying to break into cyber security and we have given them a chance because we just see the the love for it and they've been killers, they've been just killing it and we're happy to be a stepping stone in their careers and then see them move on and go work at places like nvidia and you name it.
Dave:So it's, it's a way to do it. I mean, you're forging the careers for the next generation of people that are going to run this industry and, and you know it's like we can't get them to the jobs, we're going to have an even more serious problem moving forward. I mean, you know, you look at the, the, the innovation that's happening right now with machine learning and artificial intelligence. That's not going to replace jobs. In fact, it's going to increase the demand for people that are more skilled in those areas to be able to augment those technologies, to integrate into the technologies that we have today and tomorrow. And so you know it's like you know, we need expertise in these emerging technologies, whether it's cryptocurrency or machine learning, artificial intelligence. And you know a lot of folks aren't really looking at that right now and it's going to be a problem and it's going to continue to be a problem until we can start to get you know these younger kids, you know the ability to go into these jobs, to learn from.
Dave:We have what we call our junior program here at TrustedSec and we take folks that don't have experience, haven't worked a consulting job or a formal job, and we interview folks and we look for those kids that have the passion no-transcript be a consultant.
Dave:I mean from reporting to customer skills, to all the technical components. Then they start to run shadow engagements with our consultants and get paired with our consultants, so they're now actually on engagements and then eventually they go into the consulting pool and they they work for us and they do great. You know, there are a couple of my friends I've been able to give positions and I had a friend who I'll just say is hacker handle, is Cobra, and so we used to play Halo together all the time and Cobra was a bank teller and you know I talked to him all the time online. You know, I talked to him all the time online. You know we play uh, destiny and everything else together. We do raids together. Phenomenal person, I could tell you, super smart, super brilliant, like, and he was always the one that was figuring out like the glitches to like launch you across the map.
Dave:so we didn't have to fight all the damn.
John:You know who's that guy in halo 2 that was spinning the flying warthog?
Dave:that's right, he's the guy that would figure all that spent, you know, spent hours just perfecting this one. You know, like there's, I remember there's this one raid in destiny and there was, like this, this long ass like bridge you had to go through. It would take, like us, like two hours to complete.
John:Oh, and if you're on a way to like bridge, I know this bridge and
Dave:I'm thinking right now we like chop across the whole thing yeah, so that then we'd all spawn in and we skip like two hours of bs and then,
Dave:you know so. You know so, cobra was awesome and, uh, I remember one time, you know, um, he was helping me out, like taking his own personal time to help me out through this raid, and I was like, hey, man, I really appreciate it. Um, and I was like you should have a knock on the door in about five minutes. He's like, what do you mean? He's like, and so I delivered. He was talking about he was hungry and so I delivered pizza to his house and he's like well, first of all, how'd you find my address? I'm like dude, I'm a hacker.
Dave:First of all second yeah second, you know, like, like, thank you so much. And so we became good friends online and um, and he was asking me more of career options. He's like, hey, I want to get into cyber security, what do you think? And I sort of mentored him a bit, talked him through it and, as he's going through the class, he'd always ask questions and I always have him. We always have, um, this one joke with us it's called, it's always called, but did you check, migrate in the process, no matter what we're talking about? Did you migrate the process? Because you know he was going through all this stuff and I told him to migrate the process. We didn't migrate the process to assist them, to get you know, to get the you know, to dump the database.
Steve:Yeah, yeah.
Dave:And so and so. But, you know, eventually went to the school and I eventually hired him here and he's now doing amazing. He's, you know, he's, he's a consultant, he runs his own engagements, everything, everything else. I have another friend that was a personal trainer of my kids that I became good friends with, that now is going through our junior program right now through cybersecurity. But we try to put through anywhere between eight to 10 folks through this program.
Dave:It's not just friends. We interview folks that are going through college degrees and have a good understanding of cybersecurity. We have folks that I hired that start off in IT for a little bit to get more of a networking foundational background, that eventually go into the junior program. So we're continuously trying to funnel folks through, you know, to get them experiences and, you know, hopefully they they stay here for a long time, but you know. But we're also happy with them being a step, us being a stepping stone to the rest of their career whenever they do, and they're always welcome back too. So we have folks that have left and come back and it's great.
John:So yeah, now a junior program. That that is a a cool. You guys are doing it right and you just need to get that other companies to do more of that, like, hey, you can do this, they don't have to be perfect when they get here, you know.
Dave:Build that training program and that's my, that's my ultimate goal. So, like as as trusted tech has grown, I'm working with. So, now that we have these, these k-12 uh cybersecurity programs and then these college programs are partnering with, so we're starting to partner with a lot of other colleges. My goal is and this is hopefully something I'm my goal is to have this done in 2025. I have a program director for this, but my goal is to be able to take that junior program and expand it to where we we're trading, let's just say, 50 to 100 kids uh through our program and we partner.
Dave:We have we work with three of the fortune five, 70% of the fortune 1000 companies out there, partner with all of our customers to then, once they're already trained by trusted sec and they've gone through like an accreditation process through trusted sec, we can then place them in positions because they now have all that hands on training from one of the best cybersecurity companies in the world you know, into their, into their facilities.
Dave:So that's my ultimate goal is to be able to get like 50 to 100 people through this program, go through some sort of trust accreditation, go through college, get your college degree, come through here, get hands on, and now you're in that workforce where we're fixing that big gap, and that's ultimately my goal of what I want to accomplish with Trusted. We're just the ones that are fixing that bridge and that gap and we're placing them out in companies that can handle, you know, 10 kids, you know coming in, or five kids, or three kids, whatever it ends up being into those positions, and I've already talked to, I mean, probably 50 different companies that are all super interested.
John:Well, we would be happy to partner with you, right.
Dave:Yes, really.
John:When we built the SOC, it was like, hey, we're going to partner with all these companies, but it's actually never really become a thing. Really, it's become a well, it becomes a thing where I like just know people, Like I've got a student right now who's graduating next semester. He's a killer and I'm like, dude, they should be beating down your door. Sometimes it's just who you know till you know, even though you've got he's got a. You just got to make those connections, yeah, so yeah, Now that's you. You're on the same wavelength where this is how we we think about things. It's like building up this community, building up these people, giving them opportunities, and I love it. Like we've had like 50 students come through our sock and go on and kill it.
Dave:They're killers out there.
Steve:Yeah, they're killers.
John:Yeah, awesome.
Steve:Yeah, killers, yeah, awesome, yeah, yeah, no, that's great. So we kind of are we, we had those questions around trusted sec um, and kind of how you, um those two companies, uh, binary defense came to be. You kind of answer some of that a little bit so we can, we can move on. So what about, um, derby con and just building a community around, yeah, kind of you know, cyber security and and Trust.
Dave:to Think of Binary Defense was an interesting one because for anybody that wants to start a business, go and do it, and do it early and figure it out. I had no idea what I was doing at all. I had no idea how to register an LLC. I had no idea that I needed cyber liability insurance. I had no idea how to do taxes. I had no idea how to do payroll. I had no idea how to do taxes. I had no idea how to do payroll. You know, I had no idea how to do any of this stuff Right.
Dave:And I will say, you know, my wife, erin is is such an amazing human being. We're such a perfect like yin and yang in a good way. So, like I'm really good at communicating to people the technical work, you know, being a subject matter expert. Erin's amazing at the backend systems. You know being able to do the finance components, the taxes, the payroll, you know. So she's our CFO and head of finance and she's got a team. Now you know we didn't have a team.
Dave:We, you know, literally started in the basement of our house. I had four months of rent in the bank and if things didn't go well, you know I was going to foreclose on our house and great team, everything was going well to coming home and saying, hey, I think I want to leave this perfectly amazing job and started coming to the basement of my house and it was the time to do it. Like like I look back at that day if I'm like dude, you are effing crazy. Like what the hell were you thinking? Like you had a perfectly great job and you decided you were going to go sit in the basement of your house and start a company. Thank God I did that. Thank God Crazy Dave came out at that point in time because now we've got 350 employees over the world.
Dave:But it's one of those things where it's like I'm so glad I did it, but I'm terrified of it now of having to do that. But you learn as you go along, you build things as you go along. But here's the thing Again if you have good karma and you do things the right way, good things happen Right. So I was always, we're always the type of company that's like we will always do things the right way. We take care of our people. Like if you look at consulting generally, it's a 30% churn rate or attrition rates of your employees, like because it's just a taxing job. I mean, we're not even at 1% here and it's unusual for us to lose folks, you know. So we take care of our people. We take as much stress out as possible and people know throughout our whole company, like listen, if you're stressed out, you have too much work, let us know. We'll take you off of engagements so you can catch up and relax a little bit and everything else. It's not a sign of weakness. It's a sign of strength to be able to admit hey, I bit off too much, I can chew, or things are going on. Personally in my life. I need to take a break eventually started Binary Defense.
Dave:A couple years later we also started DerbyCon. Derbycon was one of my favorite conferences. You talk to folks that went to DerbyCon that was the best conference that was ever made. That's a great. That's great to hear. You're like, hey, you put on a great thing, but what was different about DerbyCon?
Dave:The story of DerbyCon is actually interesting because I was just at Churchill Downs in Kentucky and that's actually where DerbyCon beta started at. So Adrian, or Iron Geek, he was having a full day training class and he wanted to put on a free training class for Metasploit at the time and he asked me if I would teach a half a day of it. And I was like, sure, no problem. So we came down there and I taught a whole half day free for anybody that wanted to come in there to learn about exploit development and stuff like that. And the whole thing sold out completely. Like we had like 100 people there and so you know, I left that day.
Dave:I'm like man, we should start a conference here. It'd be really cool to have like a low bar entry, low cost entry, you know, cybersecurity conference that we can throw on. And it was like crazy because, like we all had our different like skill sets Like again, I'm good at the front face of everything and kind of being. You know, hey, what would be good for a talk, selection and tracks and things like that. Martin, who helped, uh, start derby con, he was a roadie and and a sound person for bands, so we threw like massive band parties and you knew how to get a hold of them and throw like these, you know get bands. We had, you know offspring and wu-tang and vanilla, ice and crystal method and sublime. And you know we threw these massive crazy ass parties and you know it's crazy because, like I'm in the back partying with wu you know after the show.
Dave:I'm like what the hell happened here.
Dave:Like you know, like what's going on. I'm like literally partying with Wu Tang right now. This is insane, and so you know. But the whole premise of DerbyCon was creating affordable, easy to come into training and cybersecurity conferences. That was for everybody and we had like multiple tracks. We had my favorite track actually was the new to InfoSec track and the prerequisite was you cannot have given a talk before in the past, and and so we had folks that had never given a talk before giving 30 minute presentations. You know about, you know whatever they learned and it was great. I learned so much again new generation, new kids coming in getting the opportunity to speak at one of these largest prolific, you know, cybersecurity conferences and you know it was just a great time.
Dave:We ran, I think, nine years. We'd sell out within like five seconds. You know it was crazy and you know, eventually it became much more of a job than it was building the conference. You know, because I mean when you start off with 500 folks, that's manageable. You know when you're selling out 3,000, 4,000, 5,000 tickets in five seconds, now it's an event and you have to deal so much. We'd plan, we'd start DerbyCon, we'd finish DerbyCon and then a week later we'd start planning again. It was like, okay, this is too much. Then we just decided to cut cords and say, hey, we did our thing. We had a lot of great folks. We had a lot of great people, gave people a lot of opportunity.
Dave:I still have people come up to me today saying DerbyCon changed my life, it got me into cybersecurity, it did this, it did that. One of my favorite ones that I remember is Matthew Graber Manifestation, who's one of the most prolific security researchers out there. I mean, just brilliant, look up Matt's stuff. And Matt was an amazing person. And Matt came up to me at DerbyCon. He's like, hey, I'm thinking about bridging into cybersecurity, what do you think and what would you do? And lo and behold, he becomes Matt Graber, like you know, like the guy that, like is one of the best security researchers out there.
Dave:And so, you know, it's like you know, I was instrumental in his career and his development and as well as a number of others and a lot of folks that we have hereCon. It started, you know, attending a conference, the conference, or speaking at the conference, things like that. So it's just been really awesome that it was a great time, had a lot of fun changed, a lot of lives built, an amazing community and a lot of conferences today are forged off of DerbyCon. You look at Wild West Hacking Fest. You know John wanted to create the same type of community amazing conference out there in Utah. And so you see these pockets of community that are still very much vibrant and alive, that are all about teaching the next generation of kids, sharing their research and knowledge, doing things differently and collectively coming together to figure out this problem. And it's it's really awesome.
John:Yeah, I'm back to what we were saying just helping others, right, Looking for ways to help others.
Dave:It was about and we would donate, you know we would. We would raise more money for charity than any other conference period. So, like we, we were raising, you know, 30,000, $40,000 a conference for various charities. Like we helped the Puerto puerto rico uh, that we were flying in food and you know, radios and batteries and things like that to there. You know we're doing amazing things um, just helping people out that were outside of cyber security too.
John:You know, it was just really awesome all together yeah, well, um, we're getting close to the end and I know you've got a bounce here in a few, but just wanted to, I guess, guess really wrap it.
John:I mean, we've hit so many good things on there's definitely some gold nuggets here for people that are looking to get into cybersecurity or level up. Is there anything there that you want to share that you haven't already Like? Hey, you know, when people come to you and they're asking these questions, what, what do you, what kind of advice do you give them?
Dave:Yeah, I think hitting on some of the things we talked about around, you know, figuring things out on your own, uh, being able to, to like I'll tell you, um, figuring out something on your own is extremely difficult and frustrating if you've ever done before, especially like I remember I was uh, developing, uh, there was a frack article on circumventing data execution prevention and it was an experimental article. It didn't have a lot of detail to it of how to do it, but it said it should be possible to bypass data execution prevention if we do these types of things and I was really fascinated about it. So I wrote one of the first depth bypass exploits but I spent like two weeks in my basement learning the internals of Windows assembly, everything else. I already knew assembly at the time, but I was learning more of the Windows internals and how depth worked and how stack overflows and everything worked. And I remember racking my brain around this and I couldn't figure it out and it was the most frustrating thing ever. I'm like man, I suck, I'm just dumb, I can't figure this out.
Dave:And I went through like these different known today as return oriented programming, rob gadgets and I was doing that, you know, early on, before Rob, gadgets were a thing and you know there's no, there's no book on it. There's no way of you know reading saying, hey, this is how you do it. There's no tool to help you build it together. You had to do it on yourself and I remember I, thousands of you know, like like sheets of paper, um, you know on my, on my desk and just like just handwritten assembly instructions. You know like just doing the math and everything else to figure this out and eventually I wrote this exploit right.
Dave:But it's those types of hurdles, the frustrations that that make you so much better because you do that. Now you understand that subject and you're you're really good at and you build on that knowledge. And you'd hit something earlier, john, around there's so much to learn in this industry and that's true, but you're never gonna know everything. So remember that and remember that. It's all about building blocks and gradually going and learning as you go and getting better with that. You know the the PowerShell stuff. When PowerShell first came out I'm known as the father of PowerShell security. That came from Jeff Snover who wrote PowerShell Jeff.
Dave:Snover who wrote PowerShell considers me the father of PowerShell security, which is pretty cool. But that came out and it was a brand new programming language. I was like, oh cool, I bet if we could write a bunch of exploits for this. And I gave one of the first ever PowerShell. I gave the first ever PowerShell OMFG and it was like the power of PowerShell from an offensive perspective, right, and so it's like doing creative things, learning new things, doing things differently that hasn't been done before and, most importantly, knowing that you can do it.
Dave:I remember when I first, when I went to my first DEF CON, I saw like HD Moore and Fidor and Zimmerman and the cult of dead cows and the shmoo group all these like prolific hackers that you know this industry is essentially built off of right. You know their, their early entry into all of this really kind of started the whole cybersecurity industry and I remember looking at them like these guys are just like savants or just so genius. There's no way I'll ever be like that. So but but the truth of the matter is you can it's not anybody can learn this industry, come in this industry and be successful at it. If you just apply yourself, you go through those frustration levels. You do the things, that that is good for you to learn and to do your tasks and to finish it and to build yourself up and then from there success comes from that.
John:Very cool. Yeah, ask for help too. You're not. You don't have to be on your own you know it's okay, you're going to run into those frustrations, for sure, but man, there's so many more resources today than there were when I first started getting into this, so there's a lot of help out there. But you're you will run into those same roadblocks, no matter what it is. I mean, even if you don't solve it all, you say, hey, this is what's cool thing, I learned right that you can share.
Dave:Share it, yeah share it, share it, share your knowledge with every, anybody and everybody, and ask for help that they're absolutely I learned so much from other people.
Dave:I got, I got thank god, I had mutts around with me, uh, hd more. I remember uh, I wrote an exploit. I wrote an exploit for uh for metasploit and it was uh, it was an internet explorer zero day at the time. My memory corruption flaw and, uh, I spent so much time making sure that it was like because I wasn't a big fan of ruby and I didn't know ruby that well as a python c, c plus plus assembly guy, and I remember writing this exploit and I sent it over to hd and I was so paranoid because I was like hd's gonna tell me this sucks, it worked. But you know, hd's gonna tell me it sucks well.
Dave:So I sent it to hd and like an hour later he sent it back. He, and like an hour later he sends it back. He's like, hey, dude, this looks really great, nice job, just made a couple of changes. And then I looked at the code and the whole thing was completely rewritten. So you know, you know you always can learn from other people and to do better things and and always ask folks that know what they're doing, you know, or at least you know, have a good understanding of it for their perspective, because it can help you build on what you need to learn. I learned a lot from HD and a bunch of other folks in this industry to really get me where I'm at. My good buddy, um, who unfortunately passed away last year, kevin Mitnick, was one of my best friends in this industry. I learned so much from him and, uh, you know just you know, you learn so many good folks and there's this industry is just filled.
John:Yeah. One last thing I want to ask you, cause, if you can see the audio, dave's traps are showing out in the back. So anything you want to say about WeHackHealth, cause I'm a follower, I follow some of the stuff you're posting, so anything you want to say about that, that program initiative.
Dave:Yeah yeah. So check us out at hackingyourhealthcom. And then we have a podcast. It's called Hacking your Health the Hacking your Health podcast. It's weekly and it's me and my personal trainer, ben, and we just talk about what you can do.
Dave:I used to be extremely overweight, you know, I was in the obese cycle. I wasn't sleeping a lot. I drink alcohol. I still drink alcohol here and there, just, you know, more in moderation.
Dave:But, um, but, you know it's like you get that cycle of like you know, cybersecurity, you're, you're sitting in front of your desk for 12 hours, 15 hours, sometimes 20 hours, sometimes two days, um, you know. And so I really decided, you know, my health was, was, was wendling down, I was tired all the time and I decided to take control of it. And so now I'm in a regimen where, you know, went all in on this one too, and you know how you burn calories, how you build muscle, and I've really been able to transform myself. But, most importantly, I'm the healthiest that I've ever been. I have the most energy for my family, my kids.
Dave:I, you know, went from, you know, barely being able to get off the couch to, you know, really helping my kids and being a coach, instructor for my kids, basketball teams and everything else. So you know it's really again about the time you put into yourself is equally important to the time that you do other things. And remember your job is important, but your health, your life, everything else, your family- that comes number one, no matter what Absolutely Awesome Dave this has been amazing.
John:You basically ran the podcast.
Dave:We didn't have to do anything. You guys did great. You guys did great. Thank you so much for having me. Seriously, you're awesome. Thank you so much. Thanks, everybody Appreciate it. Take care.
Steve:Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.
John:Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.
Steve:Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Higuretta.
John:Thank, you for listening.