
Cybersecurity Mentors Podcast
In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.
From Marine to Mandiant with Ryan Rath
Ryan Rath shares his journey from the military to a significant role in cybersecurity with Mandiant, discussing the challenges faced during the transition. Key topics include the importance of networking, the evolving skill sets required, and the ethical responsibilities of cybersecurity professionals, highlighting the need for mentorship and continuous learning.
• Ryan's military background and transition to cybersecurity
• The significance of networking in career development
• Challenges faced while applying for jobs in tech
• Importance of practical experience over certifications
• Skills needed within the cybersecurity landscape
• Ethical considerations in handling technology
• The role of mentorship and giving back to the community
Could you teach me First learn stand, then learn fly. Nature ruled on your son, not the mind.
Steve:I know what you're trying to do. I'm trying to free your mind, Neo, but I can only show you the door. You're the one that has to walk through it.
John:What is the most inspiring thing I ever said to you? Don't be an idiot. Changed my life.
John:In this episode of the Cybersecurity Mentors Podcast, we talked to Ryan Rath, who works at Mandiant, who's now part of Google. It was a great conversation we had with Ryan. He shared with us how he came up through the military, and he shares his veteran story of what it's like and how it was not easy for him to transition from the military to cybersecurity, and talks about certificates. He talks a lot about certificates. I thought it was really helpful and interesting. Yeah, what do you think about some of that?
Steve:Yeah, no, he kind of puts it in a good picture in terms of, like, the importance and what to do and how he saw his whole journey around the certificate idea. So, yeah, it's definitely good.
John:Yeah, and he is in the trenches. So I think that's what's good for people to hear is that he is like fighting fires. He's one of the guys that people call when the bad things happen. Mandiant is really the company people call, right? So he's got a great perspective of what he has had to do to get there for people to hear.
Steve:And it wasn't easy. No, it wasn't easy, it was challenging. He shares, he talks about some of the difficulties and some of the just the hard work and just consistency and just determination that helped him get to where he is today. So, yeah, it's definitely a good conversation.
John:Absolutely, so take a listen. We hope you enjoy it. I think you'll get a lot out of it, and we appreciate you coming to check us out. Yeah, thank, you.
Steve:Welcome to the Cybersecurity Mentors Podcast. Today, we have the pleasure of speaking with Ryan Rath, a Senior Incident Response Consultant at Mandiant, now part of Google. In this episode, we'll dive into Ryan's journey and discuss the evolving landscape of cybersecurity. So, whether you're an aspiring cybersecurity professional or a seasoned expert, Ryan's insights are sure to provide valuable perspectives. So let's dive in. Welcome, Ryan Rath.
Ryan:Awesome. Thank you so much for having me. Great to get started.
John:Yeah, welcome Ryan. Yeah, Ryan and I and Steve, we met during an incident. We won't go into the details, but it was great and when we talked to Ryan during that time I was like man, this guy, I think he's solid, he's got real firefighting, you know, he's in the trenches with us and I thought he would bring some great perspective to our listeners and people that are looking to go down a similar path and looking to maybe transition from the military. But yeah, Ryan, just tell us kind of general about yourself and what you do.
Ryan:Yeah, absolutely so. I was originally a Marine from 2008 till 2018. In the Marines I was a 1361 drafter surveyor. All my Marines out there may not know what that is. By the time I left in 2018, there were only five E-5s in the entire Marine Corps, so incredibly small MOS. You know there was limited options for promotion just due to the size and scope. And about halfway through my career.
Ryan:So I did Marine Security Guard. So I got to travel the world, work at American embassies for three years. That was pretty cool and with that I ended up coming out of it with a top secret security clearance, which was super fantastic for me. I know a lot of folks in the military, you know, they acquire their clearance through multiple different means. For me, it ended up being an awesome catalyst into being able to work for the government in cybersecurity. So doing civil engineering, it was a lot of fun. I did enjoy it quite a bit, but I was looking to change gears. It's not something I wanted to continue doing in my career. I just kind of, you know, I thrive on solving puzzles like that. That's my main motivation in life and I'm sure a lot of folks in this industry can relate to that, right? Like when I was a kid I used to have these metal, uh, you know, puzzles that you try and like escape the nails without dropping them.
Ryan:Terrible at those.
Steve:Oh my gosh, I used to spend hours as a kid messing with those. I think it drove my parents nuts with the clanging of them.
Steve:Yeah, yeah, yeah, I think they locked me in my room after a while to play with them instead of letting them through the house, but anyway, so that's kind of a little bit of what drove me. And not that engineering wasn't cool. It just didn't scratch that itch enough for me. Always been big into computers, never really looked into it much until a little later in my career. You know, maybe embarrassingly a little bit, but I learned how to hack and I've been watching some DEF CON talks on YouTube and I was like man, that's actually really cool. Like this is super. It was a puzzle. I didn't know how it worked, I wanted to figure it out. Uh, and then I forget exactly when, like 2015, 2016, Mr. Robot came out and I was in the military, bored, and I was watching this.
Steve:I was like oh my gosh, this is so cool like yeah, like that's when it really dawned on me like, oh my gosh, this is like the power of, that's a cool puzzle, like you can figure this out and make that happen. So you know, when I started looking into it around 15, 14, 15, 16, somewhere in there there wasn't a whole lot of material. There were some YouTube videos, but there wasn't a lot of podcasts that I could find.
John:And that wasn't even that long ago. You know what I mean.
Steve:I mean I guess it's almost a decade ago now, wow.
Ryan:That's crazy.
Steve:Holy smokes, okay, woo, anyway, yeah. So even then there wasn't a lot out and it doesn't feel like it was that long ago. But I'd find random YouTube videos or people's blogs and one of the first things I found was how to hack Wi-Fi. And I was like man, that is so cool. So I set up, I had this old little crappy Wi-Fi thing, right Like this tackles into my drawer.
Steve:Every man has their wires and junk drawer. Mine is full, so I pulled one out of my, uh, my junk drawer, set it up, had my wife set a random password and I just started playing with it. I was like that is so stinking cool. I had this old, like, Lenovo laptop that I bought off eBay for like, I don't know, 50 bucks and had barely a processor in it, let alone a GPU.
Steve:So it took hours to try and crack this password, but when it actually worked, I was like, oh my gosh, this is the coolest thing ever and that was such a cool puzzle for me to solve. And it essentially just launched me into this career when I was in the Marines, before I even got out. So I knew I was like, okay, I want to go do cyber. That was kind of the starting point for me. This is such a cool puzzle to solve, like it's intellectual, it's difficult, it's, uh, it ticks all the boxes, right? Um, and I don't really know everything else that went along with it.
Steve:But, man, uh, from there, I was, I was, I was in, I was hooked, I was willing to learn it. Yeah, I was, I was there for it. Um, so by the time I went to get out of the Marines in 2018, I had taken advantage of a couple of programs they offer when you leave the military, right? Like they'll offer to send you to a certificate for free. So I went and got my Certified Ethical Hacker. I didn't know anything at the time.
John:I thought that was like, oh, that sounds cool, it might like, because I wanted to be a red team.
Steve:Right, I started hacking Wi-Fi, like I started learning how to hack. I wanted to go red team. That was like where I wanted to be. I was like man, that's so cool, I'd love to write an exploit someday. I'd love to go give a talk on this exploit I found. That'd be the coolest thing in the world. So I was trying to figure out how I bridge that and at the time I didn't realize. All I had heard was oh my gosh, everybody needs, there's so many jobs in cyber. Blah, blah, blah. It's easy.
Steve:I was like well, maybe if I get a couple of certs under my belt I'll apply. I can get an interview at least and, like, share my enthusiasm. That's really what I was hoping would allow somebody to finally take a chance on me, without formal experience. And as I transitioned out, I had at that time my CEH and my Security Plus and I thought that was enough to get me started.
Ryan:That's the golden ticket. You're ready to go? I?
Steve:I thought I had it. From everything I could read, all the forums.
John:I was like all right cool.
Steve:At least these are what people are looking for. Hopefully that might get my name in the door, but that was not the case. I got out in 2018. I was very fortunate to get a job at a small MSSP up in Atlanta. There, my wife is really from Atlanta, so when we got out, she wanted to be by her family and friends. I'd made her move for 10 years before that, so obviously it was my turn to follow her, right? So we got out, moved to Atlanta. I thought there would be lots of opportunities and I think I underestimated the work experience part that folks were looking for, which, to be fair, that's obviously.
Steve:This is a skills-based industry and I think that's something that when people hear it, they're like yeah, of course, right, like makes sense. Every job you have, they want the skills. This one just happens to be so technical, so complex, so many nuances, so many layers of technology and specific companies and protocols and all these things. If you don't have that kind of work experience, it's a lot to learn, it's a lot to catch up on. You may think you're good. You know what you're doing. Every environment's different. Every time you walk into somebody else's kitchen, the utensils are somewhere else, right? Like no one kitchen's the same, no one IT network's the same, nothing. So having the skills underneath you to be able to roll in those environments, like yep, I've seen that, I kind of understand what this is. Oh, I haven't seen that before. I'm gonna go dive down a rabbit hole real quick on YouTube and Google. We're gonna learn this thing and then we're going to understand its role that it plays here.
John:Now, was this for a red team position that you were applying for, or just a general security position?
Steve:So that was for the regular help desk, the managed service provider. I'm sorry, I said MSSP, I meant MSP, managed service provider. So they did things like physical access. I installed server rooms, I installed cameras. I also set up networks and servers. We did all those things. But I was really looking to try and get to the help desk. I was like this is where I need to start my career. Right, everybody starts at the help desk. I am absolutely willing to humble myself, like I'm not better than anybody else. I don't want to skip a step here. I want to make sure that I'm getting this experience that I need. It just took a minute to get there, right?
Steve:It just took a little longer than I had hoped. So I had to go out on the roofs of Atlanta and install security cameras and parking decks in the middle of summer and man, it was a great experience. Don't get me wrong. I had a great time. I worked with a great group of people, but it really lit a fire under my butt to get in an office. I sweat too easily. I'm originally from Minnesota, so if I'm out in the humidity and heat I'm dying. It is not my preferred place to hang out, day in, day out. Now, looking back, being chained to my desk, I wish I could mix it up.
Ryan:Just a touch Right, right, right, you know hey.
John:Get some sun.
Steve:We overcorrected. Maybe we can find something down the road to bring it back in. Yeah, yeah, but yeah. So from there I worked outside installing cameras, security systems, those type of things, which was a lot of fun. I actually used to do that as a locksmith before I joined the Marines, way back in the day, so it was a lot of fun actually. And then eventually they had the spot open on their IT help desk, which was cool. I did that for a couple months and then the owner came in and decided he wanted to call us all network engineers. I was like ooh that's cool.
Ryan:I'm not a network engineer, but I'll take the title.
Steve:And at that point I'd continued applying for jobs. I quit counting after 200, I think, and not hearing anything back or getting the denial email. So it was just something that I kept workshopping. I kept trying to figure out what working on my resume, I kept working on looking for jobs that I wanted and trying to incorporate that into my resume.
Steve:If I had relevant experience, you know, I just couldn't quite hit anything. I couldn't quite get a call back, none of those things. And then I applied for a contractor position for Special Operations Command and didn't really expect to hear anything back. Turns out they really needed somebody with CEH Security Plus and a top secret security clearance. So just the fact that I had those things I was already top of the list. I could come in and start the job, because if you didn't have one of those things you had to have it done within the first six months or they had to let you go. It was a requirement of working on the network. So it took me a while but eventually you trust the process, you keep working, you workshop things, you talk to folks and that was the thing at the time I was really trying to work on is growing my network.
Steve:I would go to hacker meetups, I would go to all these other things. I would meet people. It was pretty cool. I met there was another large company that's based out of Atlanta. They sent a couple of employees there. Right, like you know, they pay them for their off-time type deal. Go try and find talent. Got to meet a couple of the red teamers and their challenge was a PHP web shell upload type thing to this uh you know web server that they were running. And so this guy next to me he literally was like oh, I know what this is. And he just wrote like, knocked out a quick PHP backdoor web shell, uploaded it and then executed. And I was like dude, that is the coolest thing I've ever seen. That's where I need to be. I need to plus it up here. I need to keep working harder, try harder, right, yeah. And so I was able to add network engineer to my resume at one point. That is what ended up leading me to the job at SOCOM. So I put network engineer on there.
Steve:I did the interview with a very now a very good friend of mine. We were actually coworkers at Google. Now together, he, he works at the central region, I'm in the government region. We both got there through different means, but we both ended up at the same place. It was. It's really cool. He's one of my very good friends and, uh, you know I can't thank him enough. He's. He's the entire reason I have my career today.
Steve:So, uh, that's awesome, yeah, um, but yeah, so I was able to get my foot in the door there, and so this point is for a lot of the veterans out there when you go through your resume workshops, they're going to have you take your military resume and turn it into a civilian resume. That's a good thing, because when they first did that for mine, they started peeling back. Like all of the things that they tell you to do in the military. Like you got to add beans bags and bullets right, like there are beans, bandages and bullets. So you got to add how much value, or you know how much of this equipment, how many personnel did you train, how many, how much? You know all those numbers and things that quantify your job. I started peeling that out of my resume. I was like, well, like what, this is everything I've done in the last 10 years. Like let's not throw everything out.
John:You know Right.
Steve:And they're like, oh well, we don't need these awards in there and this, that. And I was like whoa, like that's literally all I've been doing for the last decade. I got to keep some of this stuff. So I got my resume back and they had taken a bunch of my awards off and they had taken a bunch of my accomplishments off, which is fine, I get it because it wasn't applicable to the field I wanted to go into. Nobody wants to read about, you know, experience in a prior things. So I was like okay, tried to trust the process. But, in keeping true to myself, I snuck some of my awards back on there that I was proud of, and one of them was my joint commendation medal and I had to work my tail off. So at the time I was working with the special operations command central and I was running their jock forum, helping them run their telecommunications and get their meetings off without a hitch so they could get their missions from the general and move on with their day, worked my butt off for that. I showed up early, last one to leave, made sure that everything went off without a hitch. I got to be in an environment where everybody was at the top of their game. They were all there because they loved it.
Steve:So being in the military, it's very formal. There's no first names, it's all last names, it's all your rank, whatever you get into special operations, it's all first name. Hey Bob, hey Chuck, hey Dave, he's a two-star general. What's up, dave? What's going on today? You know it like, it's so rigid, it just blew my mind and I was like dude, this is where I want to be. I should have done this years ago. What happened here? But it lit a fire under my butt to work extremely hard and that is where I earned my joint commendation medal.
Steve:And it turns out that my boss at the military gig or the contractor job, he also has his joint comm. He's like man. His resume is a little weak. It's not like as strong as it could be compared to some other people, but I had to work my butt off to get that joint comm and they don't just give that off to anybody. So if he had it, he must be a hard worker. I'm going to take a shot, I'm going to take a chance, and that that's really why they took a chance on me. That's, that's how my career started. Very thankful for to him for this day. But the point for the military folks is be true to yourself. If you're proud of something, keep it on your resume, speak to it, be able to say why you're proud of this accomplishment that you had. If you need to explain it, you know, in less military jargon figure out, workshop that a bit, figure out how to do that, but don't don't take it out of your life. It's something that you worked hard for.
John:Yeah, that's great advice, because when we try and help people kind of tailor their resumes like, especially if they're coming out of a different industry into cybersecurity, there's a lot of stuff that they have done at some point that can translate and you can. You know, it can just roll right over to cybersecurity cybersecurity, excuse me. So I think that's great advice and I think everybody should definitely listen to that for sure.
Ryan:yeah, I mean, if I see that on a resume, I'm not going to be like, oh, this is gonna degrade your resume. I'm gonna ask questions. I'll be like what is this?
John:this is cool, it sounds cool if it made it, tell me about this.
Ryan:Yeah, it's important, yeah yeah, for sure no, I think, um, yeah, I agree with you, ryan, just like, keep it in there. But you may need to tweak it a little bit to say, hey, this is what this is and explain it a little bit. But other than that, yeah, if it's something, don't get crazy, but but definitely the things you're proud of that you can. Somebody asked you a question about it. You'd be happy to share what it is and and how you got it right especially if you have a good story behind it.
Ryan:Yeah, yeah absolutely so, yeah. So from there, I mean, I think there's there's definitely some lessons for everybody, right? Just how? Number one when you first got out, you thought you were going to be good to go with those certificates found out quickly, that that's. You know, that's not the answer. It is part of the story, it's part of the deal, right, but it's not the answer.
Ryan:But you kept, you had persistence, kept going right, you kept looking at those job opportunities to look for what you needed to work on and, you know, look for the skills that you need to level up in um, which is something we say a lot too is like hey, look at that position you're interested in. Find the things that you don't have, level up on those things. Right, work on those things, yeah, um, and to just keep building your network, reaching out to people, meeting, meeting new people, getting those connections going, which is a huge, huge part of it. And just when you show up and you know, hopefully you get the opportunity to to interview all that stuff that you did and had been doing up to that point, you could talk about it and, as we were talking about earlier, the attitude comes off of okay, he's getting after it, he's passionate about this, he's excited about this, he's looking to get you know, he wants to do this, he's eager, he's motivated, and you can not just talking about it, but you can prove that you can back it up Right.
Ryan:That's what people need to be able to do is not just say I am passionate about cybersecurity and then you go well, what are you doing Right, what are you doing about that? And people will be like, well, you know, and they don't have a good answer, right? So I think that's a lot of I'm sure that helped you, you know, when you had that interview with SOCOM, and you're like this is what I've been doing right, I've been trying to get in and find ways to level up my experience. So that's really good, and I think that's good for people to hear that sometimes it's hard, it's not simple.
Ryan:It's not like I jumped out and I had my first job and I was ready to go right. You had to do some of the grunt work.
Steve:Yeah, you know, to that point there's, I know, a lot of folks, especially at Google. They've obviously they're coming into a position where we're extremely, I'd say, accomplished at that point in cybersecurity. They did it for the military. It's a nice transition forum. They have all these transition programs. I forget the name of it off the top of my head, but essentially in the military they will offer you a six-month paid internship. Like a bridge. A bridge, yeah.
Steve:I forget the name off the top of my head, but it's a bridge, and the government will pay for you to go work as an intern for this company. They can't pay you, that's part of the deal, but you get six months of on-the-job training and if you get picked up for any of these things, it's essentially a guaranteed job when you get out, especially at Google. If you fit in well, if you're willing to learn, if you don't let your ego get in the way, you're going to be getting a pretty sweet transition job when you get out. As a career switcher myself I didn't necessarily have the ability to go into a computer role because I was an engineer. It's a whole different ballgame. If I wasn't in the specific MOS for that, I didn't really have a shot.
Steve:So it wasn't for lack of trying, but you know, hey, that's all right. Made my own way, right? Just took a little bit longer than I would have initially hoped for. But hey, life doesn't go to plans. You know, everybody's got one until you get punched in the face. I got out, got punched in the face.
Steve:We kept on moving, right? Like that's the kind of drive you have to have and we're always looking for folks like that. It's such a difficult person to find. When I used to hire for SOCOM, when I got promoted to the team lead, I would ask, like, do you guys have any home labs? I would ask them about current CVEs that may be out. I just wanted to see, like, where their mind was at.
Steve:Yeah, I wasn't looking for somebody to come in and collect a paycheck. I needed somebody to come in and help me slice through all this Splunk data and look for evil, like I'm here to find bad guys and kick them out of the most elite fighting forces network in the entire world. Like I wanted them. I didn't want them there, I wanted them out. I was going to find them. That was my job when I was there, so I was looking for other folks that were like yeah, let's go get after it, right.
Steve:That's right. Yeah, I mean every single day. It's pretty interesting. So before I jump a little too far ahead, actually I want to talk about my MSP job and when I was up on those roofs and I was in those car garages, when I was on the road going to a job site, uh, you know, sweating my butt off not not totally loving the whole thing, I would be. I would have a podcast, I would be listening to all the YouTube videos that were out there. I'd be studying for a certification. So, even though I couldn't necessarily watch a video on YouTube, I was listening to stuff in my spare time. Like, if I was sitting there, uh, you know, doing the whole rack right, like you know, splice all the wires into the to the rack, just mind numbing job, just just sitting there splitting cables one after another, put it into the jack Like, oh my gosh, that that was awfully mind numbing.
Steve:But I was sitting there, I was learning as much as I could. I was learning more about encryption. I was learning more about computers. I was learning everything that I possibly could. And that is something where, when I got out, I was like man, I got punched in the face. I was unprepared. Let's get ourselves up to speed as fast as possible. So I think, even still, I do quite a bit of that, but for a five-year chunk, that is all I did. I lived, eat, breathe. I'd have my own labs I created. I don't know if you guys have heard of Velociraptor. It's a DFIR tool. It's open source. Awesome, by the way, love it. I was using that. I created my own labs. I was getting spun up in the cloud. I was learning how all that environment works, how you secure the cloud.
Ryan:Um, man, I, just I, I ran everything. Actually I ran up a huge cloud bill once. That was a fun mistake, um, but hey, you know what? Hey, uh, she's like what's this Amazon bill?
Steve:yeah, yeah, you know when it hit four digits and you didn't realize it would it was kind of a shock. Oh wow. So that was a fun whoopsie, whoopsie.
Ryan:But you learned, I learned, I learned.
Steve:You know what? It made me feel a lot of compassion for companies out there that are going to the cloud. I was like man how do? You make sure an employee doesn't just pull a whoopsie, and now you're out on their scale, which could be hundreds of thousands.
Ryan:But yeah.
Steve:So, anyways, that was kind of another point that I wanted to share with the audience. If you're in a mind-numbing job or you're not where you want to be right now, that's okay. You don't have to be hands-on hacking things, whatever. Throw in your headphones. If you have an opportunity, if you're on lunch, driving in the car to go to and from work, that's your learning time, that's you time, and what you choose to do with you time will either help you in the future or may not. I really wanted to do this. I chose. I was like look, every waking minute that I'm awake, I'm going to be stuffing something into my brain, and that really helped me catch up and get to a point to where I was in a position to go into SOCOM and begin my cyber career, which was awesome.
Ryan:Yeah, and I'll jump on that too. Like, the good news is there's so much to learn from. That's also the bad news is there's so much, but that's okay. You just need to just take it one step at a time. And I think what people do is they get overwhelmed. Right, you've got all these different platforms, all these different learning tools, certificates, everything. It's easy to get overwhelmed, right, but if you just find the thing, you know, find the thing that excites you, find the thing that you get interested in, and it doesn't have to be that same thing forever, right, because that's the good thing is, you can mix it up with variety.
Ryan:But don't just not do the thing because you're just overwhelmed by all the options and all the material that's out there, and I think that's a thing that most people nowadays. It's a great problem to have, it's an embarrassment of riches, but because when I was coming up, there was nothing, there was no YouTube, it was you, you know, there really was nothing to learn from. Now it's total opposite, which is great, but you have to get through that hurdle of like wow, I don't know which one to focus on, I don't know. Just pick something, pick something that you're interested in, that excites you, and get on that thing and just keep doing it, and then, if you get bored, okay, that's fine, take a break, do something else. That's the cool thing, right.
John:Yeah, it can be overwhelming, that's for sure. But going back to kind of during your interview process, when you were interviewing for that position, I mean all the stuff that you were listening, that you were watching, that you were doing on your own time, all of that played a part, right, like all of that showed your interest and showed the knowledge that you had gained basically on your own, and I'm sure that played a big part as well as to show the determination that hey, we're gonna, we're gonna pick this guy cause he's been busting his butt on his own to get to this position, right, I mean, I'm, I'm, I'm assuming that's kind of how, how that helped you along the way.
Steve:Absolutely. So, looking back on my resume at the time, I actually pulled up an old resume when I got hired just to kind of, you know, do a little walk down memory lane. Um, but I was like, wow, that is not a strong resume. And rightfully so, I had just gotten out, it was like I'm switching careers, all those things, and I was like, boy, I very much lucked out. My boss at the time, Ryan Garrett, great guy, great dude, um, and he was willing to take a chance on me. And I knew my resume wasn't strong at the time. I knew they wanted years of experience and all this stuff. And I was like, but you know what, if I get a chance to get in there, I'm going to work harder than anybody. I'm going to show up before anybody, I'm going to leave later than anybody, I'll do the overnight shift, because at that time we had 24-hour coverage. So I was the overnight guy, right, and I was like I'm going to find a cool ticket every shift. That was the goal I set out for myself. I was going to go find something interesting, something weird, something evil, and I'm going to write a ticket on it. Didn't always work out, didn't always pan out that way, or I'd chase up some ghosts, right, go down a rabbit hole.
Steve:That led to be nothing. But you know what. A couple of them panned out and it got me uh, you know, a couple of the leaders at main socom like hey, what? This is interesting, what's going on here? Because normally in those meetings it's it happens every day and the commander gets briefed like okay, we had this incident, this was found, blah, blah. This is where we are yada, yada, yada, and it was a lot of, you know, oh, army, plugged in a bunch of iphones into their secret laptops.
Steve:Again, we can slap their wrists, move on, you know, and just be like full of stuff like that, like just kind of mundane, boring non events, and I was like I that's cool, that's part of our job, we're supposed to do that Right, but I want to find the cool stuff, I want to dig deeper. So in doing that I had to learn. That was really where I learned a ton about Splunk.
John:That was our main SIEM at the time.
Steve:So I spent every day, eight hours a day hammering away at Splunk for years and it was the best thing that could have happened to me. That was so much fun. You know that's. I learned to love large data sets and bending them to my will and just you know, twisting like I could walk into anybody's Splunk instance, run a few queries and just start twisting out. Okay, this looks odd. This is the outlier. Pattern recognition like that, puzzle solving like that is so stinking satisfying and I can't get enough of it. I wish every customer had that.
Steve:But, hey, you know it's all right. It's expensive and it's super difficult and it's labor intensive to get working well, let alone right. So it's one of those things. And then, being a consultant, I get to walk into lots of environments with new tools, or the same tools with different capabilities because they have different licenses. All these little nuances that you can't possibly keep up, yeah. But you know, you just dive in hard and figure it out.
Ryan:I think you're talking my language now. I mean, one of the things that I talk about too is kind of like a human intrusion detection engine. Right, you're just going through and finding here's all this volume of data. But as you do that over and over and over, you get good at finding the weird in the volume of data. Right, okay, this is, this is not, you know, necessarily bad, but it's different and it's odd and it's weird. And let me dig into that.
Ryan:And almost every time that I had time to just find evil, just find weird, maybe find it weird that might turn into something, I would always find something. Right, it was like, okay, let me just go through and just weed through stuff and just start filtering down. I would cast the big net, then filter the net down, right, and then almost always something would pop up and be like wait a minute, that's not right. And so I think that's another lesson for operators is that you know, don't wait for the alerts. Sometimes the alerts, you know those are. You'll never get an alert for some of these things, right.
Ryan:So if you have that time, and now they call it, you know threat hunting is, I guess, the official terminology, but really you know, I was doing that before it was called threat hunting. It was really just looking for weird. Like, hey, I'm gonna go look for weird stuff. I don't have IOCs that I'm looking for, I'm just gonna go look for the ghosts in the wire that there's bump, a bump in the wire that just looks unusual and um, and I'd really like. That part of my career was one of the funnest times in my career, even though it was so much data that he had to weave through and so much volume of information. It really is cool and fun to be able to find those that thing that you would never have gotten an alert on. And then you go dig into it. You're like, oh man, this is not good.
Ryan:Let's go, keep going Right.
Steve:Yeah, yeah, I know it. Um, I've been doing this for four years now. Uh, for kind of joined at a fun time. So I joined when it was FireEye, then we divested and it became Mandiant and then now, you know, we got acquired by Google. Uh, yeah, but initially it was kind of didn't understand I was getting into a consulting role because I was in a SOC life and I knew consulting. I was like, okay, cool, I'm gonna talk to customers, whatever the.
Steve:I didn't quite understand the importance of having those people skills initially, because I was I went super on keyboard, super in the weeds, super working with large data sets to squeeze out evil, squeeze out the statistical outliers. To now, I have to work with customers, work with clients, be externally facing, which was fine with me. To be honest, I've always wanted to get up and give talks, presentations, so that was something I was like cool. I get to learn how to flex this muscle. I get to learn not on a big stage where I might fall flat on my face, who knows but I get to learn in these usually small one-on-ones with the important folks at the companies and I get to learn from them as well. A lot of people think, as a consultant, it's my job to get up there and Ooh, this is why we this, this is what we're going to do, this is what we found Like. Honestly, a lot of the time of my, a lot of what I do every day, is kind of breaking down some of these complex topics into uh, you know, metaphors that anybody can grasp right, like things that will take something that's a complicated technical skill and turn it into something that anyone with any level can understand. One of my favorites just kind of riffing here a little bit One of my favorites is the remote access tools.
Steve:Right, like, so you've got TeamViewer, AnyDesk, AnyConnect, all those things right. They're all tools, they're all legitimate in their own way, but just like a hammer, I can take a hammer and I can build a house. Or I can take a hammer and whack you in the head with it, right, like it's just one of those things. It's living off the land it's, and cyber bad guys know that. That's why they do it right, because they're not going to create all their custom tools and custom scripts. Some do, but the majority of them are going to try and use what's already out there to help fly under the radar, right? That infrastructure gets burned.
Steve:They don't want to have all that work thrown out. They'll just move to the next tool.
Ryan:That's already been done for them, yeah yeah, well, let's talk about how that transition to FireEye we were. We were an original FireEye customer, so we worked with FireEye for a long time. Um, but, um, but yeah. So how did that? How did that interview go? How did you end up landing that position at FireEye?
Steve:Yeah, that was probably one of the luckiest circumstances that happened in my life. Because at the time I was working in a SOC, specifically AFSOC. So we worked up in the panhandle of Florida and I was co-located with the special operations for Air Force. I was in charge of their network specifically. So at SOCOM they had team leads and they broke out to all their different COCOMs. I was at AFSOC so I got to lead a team of five cybersecurity analysts and three engineers, two engineers full-time, the other one just kind of did his own thing. Anyway, so, being kind of in charge of that small little environment, it allowed me to work my way through. When I got, when I was the team lead at AFSOC down at SOCOM in Tampa, here they had a team of five dedicated FireEye consultants. They paid every year to have a dedicated team of these consultants, of incident response consultants, on retainer at all times. So as our SOC being level one, even if you were kind of advanced, that was our true tier two. So they were the next step.
Steve:So if one of us found something weird, they would be the ones to go in and take the scalpel and really say, okay, what are we looking at here? What's going on? Why is this bad? And through a couple of those tickets that I told myself I was going to go find something weird, I found a few things weird and I got to work with those guys. I got to work with the principal who was in charge of the whole team on some of these things that I found, which was super awesome for me. I was like oh man, FireEye is like the king of the crop, like they're, they're number one. Like that would be the dream job. That's like in cybersecurity. For me at the time that was like the. You've made a job. That was the that was the goal.
Steve:Right, and so you know, I always, I, I, I love to go sit on people's desks. Uh, it's a little bit harder now me working from home. It kind of stinks. I wish I could have more personal interaction. That's really where I tend to thrive. But I essentially did the same thing, just through Teams and whatever. Like I'd reach out to him like, hey, what are you guys doing? Is there anything? You know, I really just tried to, you know, make those connections and learn a lot as much as I could from them. That's really what it was. I wanted to learn what they were doing. I was like, okay, well, if I'm learning all this stuff, what are they doing? That's more than what I'm doing. I want to do what they're doing.
Ryan:Why can't I do that? They're doing it.
Steve:I can do it. They got the same stuff we do. It turns out they don't. They had like some fun extra stuff in the background that they got to play with that.
Steve:I didn't know a year, two years, whatever it was. And then a couple of the guys on the team left and I was like, hey, Matt, can I put in my resume? And he's like, absolutely, so I put in my resume. He recommended me for the position and since it was his team on the contract, there wasn't a whole lot of issues going through that process. I did the formal interview. I couldn't obviously interview with him. It'd be a conflict of interest, right, because we already had a relationship. So they had me interview with somebody else.
Steve:That interview went very well, thankfully. We got into the weeds, we got into some reverse shells and all kinds of cool things that we need to be looking out for and processes and kind of the deal of talking about being a consultant. So, you know, got fortunate through that interview process as well and I joined the team a couple months later. So that's how I started my career. And I started my career at SOCOM as that was my only client. I was technically a consultant, but I was really more just on their team, right.
Ryan:Sure.
Steve:So from there, a few weeks later, a few weeks later, uh, I was planning on selling my house in the panhandle coming down to Tampa, cause we had to be in the office you know secret windowless rooms, blah, blah, blah. Uh, we were moving down here and I sold my old house and I had put money down on my house down here. And in that time I sold my house on a Monday and on Thursday they told me the SOCOM didn't renew our contract.
Steve:I was like you have got to be kidding me. I literally just sold my house where I lived and loved. You know like it's those. Maybe not the dream home, but man, we sure loved it there. And now I'm coming to Tampa.
Steve:I didn't know at the time if I had a job or not. I didn't know if they were going to like cut me loose or I could apply for another job in the company at the time. So I was, you know, felt a little flat-footed for the first time in a while, which I didn't appreciate. But you know, it's just one of those emotions. Things happen. Oh my gosh. Public sector, where companies bought, sold, divested acquirements right, you could be at the same company and work for three different ones at the same time that's, it's, it's so then it's, it's interesting, but it's a good skill, because that's kind of what it is, especially cyber security.
Steve:You just got to roll with it.
Steve:There's always change there's always new exploits, there's always something coming down the pipe and if you focus on it and you're like, oh my God, what's what's going to happen here, you, you, you tend to just say, okay, well, that's not ideal, less than I, the wheel of less than ideal, right, but we're going to. We're going to figure out what we're going to do and we're just going to move on and figure out the best path going forward. I try not to sit there and let it get me down or dwell on it for too long, because I got young kids, I got a career. I want to keep going.
Steve:I'd say I'm probably about midway through my career. At this point I'm in a good spot, I'm enjoying it quite a bit, but I think I'm definitely into wanting to kind of grab my own network. I want to apply a lot of the things that I've learned from different environments. I want to take my skills and see if I can't mold an environment. That is, you know, some of the best practices that I've been able to collect over the years.
Ryan:So when you, when that fell through, then did they give you another opportunity. What happened after that position?
Steve:Yeah, yeah, absolutely so. From there they're like all right, you've basically got whatever time you need. You can go apply for other teams. You get to go shadow. The entire company is what they told me and I was like so I can go hang out with the red team and nobody cares. They're like yeah, yeah, it doesn't cost them anything. If they're willing to like, let you tag along, you can go I was like yo, let's go.
Ryan:This is even better, all right yeah.
Steve:So I immediately like I'm not, I'm not shy, I'll uh, you know, it's kind of a typical Marine thing, right, like we usually get ourselves into more trouble and less trouble at times. But uh, so I. So I was like all right, let's go. So I just started looking at people up in the directory. I started like Ooh, they're a red teamer. I'm going to see what they do. I'm going to see if they'll talk to me. I'm going to hit up this boss. Um, we had like a global Mandiant chat where they were. They would like hop in and say, hey, we need a consultant to of eyes on. So I just start responding to those people. I had no idea who they were. Turns out they're like directors, like like VPs and things right, like the CTO of the company.
Steve:I was like, oh uh, that was maybe a whoopsie, but I was nice and professional to everybody, right?
John:like there was no running the fire.
Steve:I just, you know, maybe reached a little little far, uh, but it ended up working out because I got connected with at the time it was the Google, oh my gosh it was the government sector, essentially because I met clearance. Still, I was coming from SOCOM, I was very plugged into the government networks. I, you know lots of time in the military. That's the world that I am very comfortable living in, right. So they ended up they have a specific team where it's the federal team, so it's the federal, and then the state local education team, so any universities, um, K through 12 institutions, local governments, right, um, and then obviously all of our federal clients they were. They had an IR consultant position open and I was like, ooh, that's cool, that's my next step. Coming from, you know, kind of a SOC background, really I would love to go IR. And they were just getting the team started.
Steve:The manager of my team who hired me at FireEye, he was going to that team as well as a manager. So I showed up to the team first I interviewed with, you know, the director and all those things had to do my technical, another technical interview, just like as if I was anybody else off the street, you know, got through all that stuff, worked with the directors and things, and then all of a sudden my old boss came in. He's like, hey, what's up, man? And I was like what, what you doing here, man? Like are you cool? We got to the same team, let's go. And he said, yeah, no, I was coming here for years.
Steve:Like this was this is already done in the making. They said, whenever the SOCOM thing ends, I'm coming here. So I was like, oh, that's, that's pretty awesome man. So he's great. Even years later now he's my senior manager. So it's, it's such a small world, especially, you know, in the military contractors. Um, you know, it's it's, it's incredible. The people you run into it's just the same the same folks everywhere. It's, it's awesome, I love it yeah, yeah.
Ryan:So you got, you got to to jump in right, you reached out to folks and you're able to make some connections, and then then you got this position and this. What was this position exactly? What were you doing now?
Steve:yeah, so that's going to be. Uh, so it was an incident response consultant and essentially that is where you know a company is having a bad day. They hacked and it's usually one of two things Either they need help figuring out what happened if they're still in the network do we have any intel that can help them with more IOCs to look for things maybe we haven't looked for and then the other one that we get a lot is folks who do have a solid cybersecurity team but due to risk and compliance and legal things, they need to have someone come in and just double check. Right, it's always good to have another set of eyes. I'm pretty sure it helps with a lot of liability issues. So if you have you know lawyers and things working your case, they're going to want to say cool, we did our due diligence.
Steve:A part of that due diligence is having an external consultant come in and just give it a once over. Make sure that there's not something. You know, because I know something that wasn't missed, because I know what it's like being on a SOC, right, like you're looking at one ticket. It's a huge priority and then, all of a sudden, something may, something else may happen, or two things happen at the same time, or three or four. Right like it is so easy to get streams crossed. It is so easy to get squirreled into one different direction in a data set. It is so easy to have one thing kind of fall through the cracks.
Steve:Because these are big, complex things. It's depending on the severity of what we're responding to. It's a lot of times the company's worst day, especially if it's ransomware, because now they're not operating, they're not bringing in revenue, there's bleeding money. So everyone's stressed, everyone's pissed, everyone wants an answer right now. Everyone needs, they need, need, need and in those stressful environments it's very important that either you or whoever else is incredibly organized, because when things get rough, things will fall through the cracks.
Steve:You're going to forget one little thing. You didn't write it down. Me personally, I've done this for so long now. If it doesn't go into my notes, it's almost like it never happened, because I'm lucky if I'm working one case at a time. Typically there's a few things, like one's wrapping up that I still have to do calls, with Another one's kicking off, and it's just this, you know, kind of churning cycle. So, yeah, it's very important to stay organized. It's also very important to not get your ego wrapped up in an incident where it's like you know, I can do this all by myself. I don't know about you guys. I've never been able to do anything by myself. I have to have a support system, I have to have mentors, I have to have folks that are in my corner even when I mess up, because it happens.
Ryan:Everybody messes up.
Steve:Everybody misses something, and that's okay absolutely yeah.
Ryan:So, um, there's a couple of things I'm thinking about. One is the skills. Right, we'll talk about the skills, but before that and you mentioned mentorship have you had any? Did you, along this journey, did you have any specific mentors or were there kind of more general mentors or um, um, and maybe now you've had a chance to mentor others, anything around mentorship that you you want to share?
Steve:Yeah. So for myself, my earliest mentor was going to be my first boss, who brought me into SOCOM. So, um, you know, Ryan, another Ryan, we rolled deep there's. I don't know if I've ever been into a meeting where there isn't two of us around, which awesome. But so my boss, Ryan, at the time, he really took me under my wing. He knew what he hired, right. He knew that I needed some guidance and mentorship and he was up for the task and he was.
Steve:He was a real network engineer, not just an MSP decided they want to sound cool, so he took me under his wing and taught me everything he knew about cybersecurity. And then, specifically, he just loved talking about networks, like talking about network traffic and protocols. That was where he hunted. Right, if we were threat hunting, he's like I kind of preferred the host-based stuff because it's like, especially when you're starting on your career, it's like I can prove that this happened right, I got the log, it's right. Yeah, you can't, can't, whatever.
Steve:Networking is much more ephemeral and much more like. You really got to dig through the weeds. You have to make a couple assumptions, like you know, there's there's that that's a much more nuanced and much more difficult thing. So we kind of work good pair that way. He would focus on all the network traffic and I would focus on what happened on the system. But yeah, he really took me under his wing, gosh. I remember there was a whiteboard that used to be behind me all the time and every shift I'd come in where he was working by the end of the shift that whole thing was just filled up with some concepts, some whatever.
Ryan:You can't have a conversation with a network engineer without them having a whiteboard, like literally. Like I'm just going to go make sure we have a whiteboard in this room so that you can draw on it.
Steve:That's so true. Oh, it's so true. Ask them for a network map, though you won't get one of them I'm kidding. That's cool. It's because they keep it in their brain and that's where it lives for them.
John:That's right, that's right. That's right, but yeah.
Steve:So he really kind of was my first cybersecurity mentor. Even to this day, we both work for Google now, so we chat constantly. We teach a couple classes a year. It's for a thing called Threat Space that we put on at Mandiant. It's ran by Nadine Tanner. If you haven't had a chance, please look her up. She's fantastic. She literally wrote the CISP book, um, and she's a very accomplished author. Uh, she's fantastic. She's probably one of the most charismatic instructors I've ever had the pleasure of working alongside. She brought me in. Uh, let me kind of do my thing. This is what I'm passionate about. I love getting up in front of students and passing on wisdom. I want to. If they're there for it, right, if they're leaning forward and they're listening intently, I'm absolutely there for it.
John:Right.
Steve:So that's and I would love to be honest I would love to do more More mentoring, more of those things. I want to take what Ryan did for me and apply that to as many folks as I possibly can. It's one of the things that fills my cup. It's the reason why I'm here today. I want to keep this journey going. I want to mentor as many people as possible. I think I just need to figure out what the right balance is for me in my life. I've got three young kids right now. So by the time 5 o'clock rolls around, I I just get off of work, but my kids have already been melting down for 30 minutes.
Steve:you know they mean like they're down there crying, and then we got to do the dinner, bath, bedtime routine, and by that time it's like eight, nine o'clock, and then my youngest is up a few hours later and it's like so we're just trying to get through this little season of life here, and then, uh, you know, once we can put it behind us, I'm going to be ramping up my efforts in mentorship as well, looking for different opportunities no, that's great man.
Ryan:No, I get it. I have different seasons. I've had the older kids and a younger kid, so I'm still kind of balanced out there. So I definitely understand. But just doing like you said, doing this kind of thing, just looking for it, may not, you may not have the chance to be like a full time mentor, like, hey, okay, we're going to meet this often, but this opportunity, these kind of opportunities, um, you never know somebody could just take this and you get to mentor at scale sometimes, and sometimes it's just one person and maybe it's one time, but still it's. You know, I think it's great, great and I think everybody, if you have that opportunity, take advantage of it for sure. So thank you for for doing that, for being here with us to to do it yeah, happy to be here yeah.
Ryan:So skills and just this space, the digital forensics, right, incident response, right. I think that, um, it's a, it's a unique path. It's kind of broad. I'm curious to get your perspective on you know what if somebody says, hey, right, I'm looking to where I want to work at Google, Mandiant, I want to do what you do, right, there's the jack of all trades approach of like, ok, you need to know a little bit of a lot of things, or maybe you specialize and I don't know what you think there. I'm curious to hear. But what do you tell people when they ask you that question of, hey, what do I need to focus on to get to where you are?
Steve:Maybe I'll answer that question a little more indirectly and kind of speak to some of the folks on the team that I work with every day and a little bit of our dynamic and why we work, why I feel we work together so well. We're not coming together. We don't. Not every one of us has the exact same skillset. We may understand, we may you know, like, oh, that's so cool, right, like, obviously I know what a web shell is, I can find web shells, it's not a problem. But we have this one guy on our team. I swear he could be on engagement. That's just like a single system forensics and he's just dumping rain. He's dumping web shells everyone. Like it's the most insane thing I've ever seen in my life. He's we literally made him a trophy. He's the web shell king, like it's. It's unbelievable. The dude is a mad lad. He's awesome, I love it. And we have folks that we just hired another consultant. That, uh, came from Microsoft and she is awesome. Like that was her bread and butter. She did security like she was the one who helped the tools, like the incident that we responded to for y'all. She was instrumental in helping me Like hey, this is, like you know, wink, wink, nudge, nudge over here. You know that kind of thing. Because every time I go onto a Microsoft engagement there's a different license. They've changed the names and it works right, everyone, because you know what I mean.
Steve:Like, and it's impossible for me because I have to. I have to get so deep and so focused into the engagement that I'm on. I learn it. I learn it inside and out, and it may be another six months before I get on another engagement with M365 in the environment, sure, and we all know how many things change in that amount of time. Yes, it's mind-melting at times to try and keep up with things, but so the point I'm trying to make here is we all have our own skill set. We all have something that contributes to the team, and it takes a good manager to realize like, ooh, we're kind of lacking in a little bit of this area. Let's see if we can't find someone who is strong in those skills. We want somebody who's passionate about that area. So, even if I'm on an engagement by myself, I can always reach out to my buddies and say, hey, this is a little out of my depth. What do you know? Can you take a look at it? Everybody on the team is great. We're all literally able to dogpile on a problem if it's a huge problem at first, kind of get things up, come up with a game plan and then we all roll back to our engagement. I think that's a lot of what enables us to do what we do.
Steve:I don't, I can't possibly know everything. I promise I'm not a smart man. Like I'm not a smart man.
Steve:I was in the Marines, right, like it comes with the territory, I didn't do extraordinarily well in school. Matter of fact, I tried to do anything I could to get out of school. I wanted to go. It just wasn't. That wasn't for me.
Steve:And, um, cause I? I just, you know, I. I think I was a typical kid and if it didn't interest you, it didn't interest you and you didn't really apply yourself. Um, that doesn't mean I, you know, couldn't do excel in life. So you know, just because if you're not academically inclined doesn't mean you can't find your passion and do extremely well. So I think that's just important context. But everybody brings their own skills to the table. If you're kind of starting your cybersecurity career and something interests you, like me personally, I started out hacking Wi-Fi, like that's. I was like cool, I saw like this cool random video on YouTube that, like, this dude somehow got a shell and he was hacking. I was like how does any of that even work.
Steve:So I set myself down. I was like all right, I'm going to figure it out. I love puzzles. They can do it, I can do it. And I think that mantra is something that has kept me going through cybersecurity. Cybersecurity like when I'm coming up against a hard, you know, problem to solve, if I'm into something that I'm in uncharted territories. There's people who do it all day, every day. If they can do it, why can't I do it? I can learn stuff I can. I can shove things in my brain like you know, maybe not like physics, but other things right.
Steve:Like there's a level of where I feel comfortable of, okay, gonna figure this out, I'm gonna dive in and learn. I think that that skill has done me well and then when I mentor others, if they come to me, I think that's very important is, pursue what interests you? Keep that fire alive, or keep the fire going, uh, and it's that's going to be your kind of little niche now, yes, you do have to be kind of a general practitioner. You have to. You know what's the old saying it's either an inch wide and a mile deep, or a mile wide and an inch deep.
Steve:In cybersecurity, I found it's annoyingly both sometimes like impossibly impossibly both right, you got to kind of be a mile wide and a mile deep on some of these things. That's what comes with time, that's what comes with experience, that's what comes with. You know, I've got gosh, I've got a couple hundred engagements under my belt easily at this point. That's where all of that comes from. It's allowed me to grow up and down or grow across, and down on my skills.
Ryan:Yeah. So I mean that's good. I think maybe find your niche while you broaden your horizon. You know, find your niche, the thing that you really are excited about, that you want to dive into, especially if you're looking to get into forensics and incident response, um that you can bring to the table, right, well, how can I add value to your team? Right, um, but then, but then you know you need to be thinking about how do I level up those other things. Maybe you won't be as deep in everything, but I think that's great advice. Just look for ways that you can be. You're going to be, you're going to bring value. We're going to say, hey, we need to call Ryan up because you know I've got this issue right now and he is really good at this, but you need to be able to not just do that thing, right, just do that thing Right.
Steve:Yep, yep, exactly. There's the whole circle of skills. You've got to have your hard skills and your soft skills and they all come together Just because I could be incredibly apt technically. If I can't relay that to anybody, what good is it? What have I done? I've done nothing. I've done nothing for anybody. So you know, it's important to pick your head up off the keyboard sometimes and take a look around, touch some grass. You know like, okay, I feel like I'm doing pretty good on this.
John:Let's, let's make sure my other skills are up to the snuff as well. So, yeah, okay, were there any certifications along the way that really helped you that you would recommend someone that's maybe starting their career or or wanting to get to the point where you are?
Steve:Going from zero to where I am. Certs initially were kind of a check in the box for me. It was more something that I did because I was kind of targeting government jobs and they required them. So I knew I had to get some certs and I did them and I learned some from them. But at that point when I started taking like my Sec+ and CEH, I had already been teaching myself all those things. Right, I don't think Hack The Box was out at that point or TryHackMe, but Hack The Box was.
Steve:And there's a guy out there I don't know if you are familiar with IppSec, but he did these walkthroughs that were two or three hours long. He did all of them. He did every single box. Like, once they retired the box, he did these walkthroughs that were so apt and so awesome and he walked through his process with you. He would normally do it live. So if he ran into a command issue, if he ran into a dependency issue, if he ran into anything, he would show you like how he would go. He was like, oh, I'm missing this package, apt-get install, right like it was. It was things that I personally learned best watching someone kind of flail like I want to see how the sausage is made. I don't want to see this beautified. Like you know, they prepare the turkey and then ding and they pull a perfect one out of the oven like, that's, you know, like that's that's when you run into the challenge.
Ryan:You're gonna be like wait a minute. It just looks so easy for them right because I would.
Steve:I would go on my computer and I would try and follow along, but I'd be running into all these issues all these dependency issues, blah, blah, blah and I'd like why isn't this working for me? But IppSec took the complete opposite approach. He like obviously was incredibly talented and smart, um, but I got to watch him like oh gosh, you know, like bash, and figure out the problems, because in it, that is where the real skill lies. No one cares that if it was easy, anybody would do it right.
Steve:If it was easy we wouldn't need to spend all this time. We wouldn't need to have podcasts talking about, we wouldn't need to have all these education things.
Steve:It's not easy, it's in the weeds it's in the details, it's the ones and zeros that will get you. It's the, it's the minute change. We see it all the time with compromises. Somebody, some admin makes, makes a checkbox change on an edge-facing device and, boom, now we're calling Mandiant, like it's. It's that sad and that tragic, but that's really where you know the attention to detail and all of those things come in.
Steve:The certificates are important. They, they, they help those level up their skills. But I don't necessarily put a lot of weight into any of the certs that I've gotten. I try and try to go out and learn the practical skills needed and certificates kind of allow you to check the box, say like I've done these things, I can at least get into the door. So when I have the ability to talk to somebody I can share my real experience, my real passion, the fact that I've done labs, the fact that I do Hack The Box, the fact that I do CTFs, the fact that I go to conferences, all of those things that hopefully good hiring managers are looking for tend to gravitate towards.
Ryan:Okay, great, perfect. Yeah, I definitely agree. You can come in with a resume that has 15 certificates and that shows me you know you've definitely taken the time to take to study, to learn. But you know anybody can really pass a certificate if they even the hard ones, right If they put enough time and energy into it. So that tells me, hey, you put the time in, you are serious about this. But it doesn't mean that you're like, okay, because you got this cert, now you're golden, right. I want to know, like you said, the actual practical skills as best as I can about what you know how to do, not just that you took a test.
Steve:Yeah, yeah, and it's such a chicken and the egg problem when you go to hire somebody. Yes, you can't suss those things out in a resume and you get thousands of resumes you have to go through. It's almost impossible. So it's like you do the certs so that way you can have the conversation.
Steve:Absolutely so, not to say that they're not unimportant, not to say that they don't serve their place. They do all of those things. It's just. Those are the. For me, those are stepping stones, those are like initial things to get you down in your cybersecurity career. You do those things to advance your career, not to hang your career on. Like you're not hanging your hat on a cert Right At all. Great way to put it.
John:Yeah.
Ryan:So let's wrap up, because we're getting close to the time here, but we talked about any, any story or stories you want to share, because I'm sure you see some interesting stuff that yeah that you never know what the day is going to bring. Um, just like we, we see those things too, but you with the different breadth of stuff that you get to be involved with. But yeah, anything you want to, any, any interesting stories you want to share.
Steve:I have so many cool stories I wish I could share. It's not even fair. Like that's part of like the reason I wanted to work my way out of government and having to use my clearance is I can't talk about anything.
John:I don't want to do that.
Steve:I want to go to conferences, I want to give talks on things. Unfortunately, being in the first responder role, I kind of get handcuffed to NDAs and all those things and I don't. I don't want to step on anything, but we're going to talk a little bit in generality. So every engagement that I pick up starts on a Friday. Doesn't matter when it starts on a Friday every time every week.
Steve:Every time I'm not like at the end of one. It's like I could do nothing from Monday to Thursday, and then Friday. Bam, there's Friday and my weekend gone.
Steve:So I you know, uh, this one started, no different. We got a um, we got a call from a K through 12 school in a pretty nice area and they're like, hey, we're seeing some, some weird activity. Uh, these things aren't quite happening in our network. We don't want to know. In my spidey sense, I was like, all right, this is like I don't know, it's, it's not that serious Like what was happening. They just wanted to figure out what was happening. I was like, all right, this is for sure. And I try not to like have preconceived notions. I just I locked them away and if I'm right, I'm like, whew, I got a. That's right, I knew it Right.
Steve:And so, whatever, we're going through the engagement we start and we have to deploy our agent typically, and that what that allows us to do is it pulls back all the forensic data that we need to take an initial look at your environment. So it's going to pull back things like initial access vectors. It's going to pull back persistence vectors. It's going to pull back network traffic. We're going to pull up some DNS logs. We want to see if we can find any known C2s that are asking to get requested, that type of thing. We want to look for the basic things right, and that allows us to triage your network. That could have more than 10,000 clients and we can start to zero in on like okay, this is a problem. We're starting to see some weird activity. We've got all of our IOCs that we bring to the fight as well. So if all of a sudden, our IOCs are hitting on stuff, we're going to really dive into that, pull more data, focus in on that.
Steve:So we did that. We deployed our agent across the entire school and we're like all right, this is weird. Like we're not seeing any persistence things. We're not seeing any like external communication. Like God, that's so weird. But I guess it tracks in my head. I didn't say that out loud because that's like the kiss of death, right, like you. Just you don't, you don't wish those things into the world. You don't speak them out loud. I was like man, that's weird. So it's probably it's, it's looking like it's somebody in the school. So, sure enough, we keep investigating.
Steve:I pull up, uh, a PowerShell command and it was like the most basic Base64-encoded PowerShell command I've ever seen in my life. It opened up Chrome and opened up a rickroll video. I was like you have got to be kidding me. I found this within like an hour or two of being in the environment. I was like you got to be kidding me. It's like that's like no, like they, we you know we, we were very good at what we do. Uh, we definitely uh it.
Steve:It costs quite a considerable amount of money for her to have us come in and be on an engagement. And at that point I knew I was like all right, we're after a student, somebody who's just messing around doing something they shouldn't have. They're bored at school. I can relate, I got bored as well, probably got in too much trouble too. Uh, but at that point you know we're like all right, we know the deal. So from there we started like looking in. Sure enough, this kid had like tried to rickroll the entire classroom. He was a known kid at the school of like messing with their computer systems and these poor system admins, like you know they don't at schools, like they don't have time and resources.
Steve:They're just trying to keep everything working and the lights on like they don't have time to deal with these kids that are, you know, snagging their domain admin password off a post-it note somewhere, like they just it's. It's one of those things that it's it's cool. They know the kid. Hopefully somebody mentors him enough to say, all right, listen, it's really cool, you can do this, but there's so many legal ways. You cannot keep doing this path Right. And I think that's a kind of leads into another good segue as folks learn cyber security. Uh, there's a lot of high school age kids in my neighborhood and they're going to these um, what are those? The magnet schools where they teach the STEM schools and they teach science technology, math, engineering and they're starting to learn computers. They're starting to learn what they can do right, and it's I haven't talked to one of them where they kind of go through like an ethics class I don't mean to be the boring like.
Steve:This is wrong, this is bad. But it's like cyber security and the the laws around it. They don't. Like there is no carve out for. Like oh, it's just a dumb teenager. Like no, that's yeah, don't play they don't, they don't play.
Steve:You can do one thing and that's the end of your career. Being in cybersecurity is built on trust. If you cannot be trusted, you will not get into anyone's network, let alone a job in the industry. So I try and stress upon them that what you do on the computer matters. I kind of overreach and say everything you do is recorded. It may not be true, but for the most part, like that's the mindset I approach, my computers with Every time I touch a mouse or keyboard, I assume it could be out there to the world Somebody else.
Steve:that I didn't expect doesn't matter. That's my assumption when I talked on my phone when I whatever.
Steve:And we see that time and time again to being true, so I try and lead them with that. I was like, if you don't want the whole world to know what you're doing on this electronic device, you probably shouldn't do it. And that's kind of where I've landed with them on the do's and the don'ts of getting into cybersecurity. Because one of the things I love to do is teach people how to hack Wi-Fi, because that's how I started. But I do it with my own router on a test network where I'm not, you know, it's a very controlled environment. I'm really making sure that it's only things that I have permission or within my area to allow those things to happen. And when I teach teenagers and other kids, like about encryption and how a four-way handshake works and how wireless protocols work and how Internet protocols work all those things I learned from learning how to hack Wi-Fi the hacking part was just like the cool puzzle thing that got me interested in those things.
Ryan:So great power comes, great responsibility.
Steve:Absolutely, yeah, 100%. So that's really kind of where I try and steer, steer young, the younger generation, away and let them I want them to understand that we're all walking on a tightrope. We could, we could do something that wasn't even our fault, and all of a sudden we're down at the bottom of the Canyon. A gust of breeze could come up and we'd get caught up in it and it's, it's. It's just it's. I can't stress it enough that you have to be professional, you have to be cautious of what you're doing, because you could be just an innocent bystander and still get rolled up, and I don't want to see that for anybody, especially the young, bright minds who are interested in becoming our next generation of cybersecurity leaders.
Ryan:Absolutely. Yeah, no, thank you for that, and thank you for coming on and chatting with us. Some great stuff that you shared. I think there's especially for folks that are, that are veterans. There's a lot of veterans looking to transition into cybersecurity, so I think there's some some great advice that they can take from this and others. So really appreciate it. Thanks for your time today.
Steve:Yeah, thank you so much for having me. I had a chance to listen to some of your other podcasts. They're great. I'm going to go through and listen to the rest of them too, thank you you guys are doing an amazing job on the podcast. I think it is so important on the mentorship side. Gosh, I wish I just had some of these resources back when I first started that I could listen to as I was putting in patch, absolutely absolutely.
John:Thank you, Ryan. Absolutely, absolutely.
Ryan:Well great. Yeah, thank you. That's it for today. Thanks everybody. Thanks for tuning into this episode. If you're looking for personalized mentorship, click the link below to sign up for a free consultation with us.
John:During this session, we'll talk about your goals, your challenges and how we can better help you. This may include reviewing resumes, career advice, setting up action plans that are tailored for your needs.
Ryan:Yeah, at Cyber Professional Services, we're here to guide you at every state of your cybersecurity journey.
John:That's right. So keep learning, stay secure and we'll see you next time. Or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast, and follow us on LinkedIn. We'd love to hear from you. Until next time, I'm John Hoyt and I'm Steve Higuretta. Thank you for listening.