Mastering Cybersecurity: Part 3 - Hack to Defend: Why Offensive Knowledge Matters

Show Notes

In Part 3 of our Mastering Cybersecurity series, we explore why learning how to hack isn’t just for red teamers — it’s a critical skill for defenders, too. Understanding offensive tactics can sharpen your defensive abilities, improve threat detection, and help you shift from reactive to proactive security.

Plus, having both offensive and defensive skills makes you more marketable in today’s cybersecurity job market, especially for roles that value versatility and hands-on experience.

We’ll also share practical ways to start learning these skills safely using your own home lab — no red team experience required.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Connect with us and leave us feedback:

● Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com 

● Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultation

● Sign up for our Newsletter: https://sendfox.com/lp/m2vx85 

● Join us on Discord: https://discord.com/invite/g4yRKjnD78

● Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcast

● Check out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcast

● TCM Affiliate Link: https://certifications.tcm-sec.com/?ref=198

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Episode Resources:

Recommended Certifications

PEH – Practical Ethical Hacking

Why recommend it:
Covers the full pentesting pipeline—network scanning, exploitation, privilege escalation, and more—with hands-on tools and labs.

Enroll here: https://certifications.tcm-sec.com/practical-ethical-hacking/?ref=198

 PNPT – Practical Network Penetration Tester

Why recommend it:
TCM’s flagship certification simulates a real-world pentest engagement—from external recon to internal exploitation—and includes a full report and video walkthrough.

Enroll here: https://certifications.tcm-sec.com/pnpt/?ref=198

 Hands-On Practice Platforms

TryHackMe – Offensive Path
Learn offensive security with guided, hands-on labs.
Link: https://tryhackme.com/

Hack The Box
Pentesting labs and real-world CTF challenges for all skill levels.
Link: https://www.hackthebox.com/

Tools to Explore

Kali Linux
A Linux distro made for penetration testing.
Link: https://www.kali.org/

Metasploit Framework
A powerful framework for exploitation and post-exploitation.
Link: https://docs.rapid7.com/metasploit/

Nmap
Powerful network scanning tool
Link: https://nmap.org

Chapters

• 0:00: Build Secure Hack Series Introduction
• 1:07: Finding Vulnerabilities: John's Credit Card Story
• 7:56: How Offense Informs Defense
• 11:58: Adopting the Offensive Mindset
• 17:35: Marketability: Value of Dual Skills
• 25:32: Learning Resources and Next Steps
• 33:32: Episode Wrap-up and Contact Info

Transcript

Steve: 0:03

Could you?

John: 0:04

teach me.

Steve: 0:05

First learn stand, then learn fly. Nature ruled on your son, not mine.

John: 0:12

I know what you're trying to do. I'm trying to free your mind, neo, but I can only show you the door. You're the one that has to walk through it.

Steve: 0:24

What is the most inspiring thing I ever said to you Don't be an idiot. It changed my life. Hey, everyone, welcome back to the Cybersecurity Mentors podcast and to part three of our Build Secure Hack series. Today we're diving into the hack side of the framework and we want to make the case for why even defenders need to learn how to hack. We'll explore how offense informs defense, why adopting the attacker's mindset can make you more proactive and effective defender, and how learning these skills can make you more marketable. So let's get into it, john. What are your thoughts?

John: 1:07

Yeah, we're here. We're finally at the last part of this three-piece framework build secure hack. So this is the fun part, right? So everybody always wants to be an offensive red teamer, pen tester. Guess what you can be even on defense, right? So, even on defense. So just a quick story of kind of how I've used this in the past and I think you can use it as well.

John: 1:44

You know, I had, over the years, I've gained offensive skills, I've gotten certifications, I've gone through training and I've flipped back and forth. I would be doing my normal day job of protecting, defending, monitoring, and then I would switch my hat over. No, it's this way. I'd switch it right to go to business mode, um and uh, and go into offensive mode and start probing the network, start probing and looking for interesting things, misconfigured things, vulnerable things, right? And? And doing so. You know, I just started looking through, um, the the network, and looking through the domain and looking for systems that had shares that were open, openly available, that I could access just as a, a domain user, a normal user that's on the network, nothing special, no privilege, no special privileges and came across this server that had open shares on it, um, and as I started looking through those shares, I started finding some very concerning things and very scary things. It turned out this server was a server where people would send in money. Like you know, normally you think people don't do this nowadays, but apparently they do. I don't know if this is still a thing. This has been years ago.

John: 3:04

But you know how the old school like the knuckle busters they'd call them where you'd have the little credit card number you had to put your credit card on, the young people are like we don't know what you're talking about right now. I've seen it in movies. Yeah, exactly, you put your credit card on the thing and it had the two-ply paper and card on the thing and it had the two-ply paper and they'd make a copy of it. Right, they'd basically do a paper copy of it and then they that's that's how they would bill it. Well, it was like that where people had done a copy of it or even written down their credit card number, and then they literally mailed that to us, and so in the mail that you, you had this piece of paper that had a credit card number with all the security code and all that stuff, all the pi related to it.

John: 3:54

Um, very sensitive that people are mailing through the mail, which, to me, was like what in the world? You think, okay, well, this is actually pretty secure, it's it's offline. It's offline, it's paper, right, how is somebody? How is this a risk? Or how is it? It is a risk because people are sending this to the mail, but from a hacker. How is somebody going to hack in and get this right?

John: 4:17

Well, what they were doing is they were scanning those in to this system. So this system was like oh, we got the mail, let's check the mail today. Oh, okay, we get $10,000 from Big Bob Jenkins, right, and let's scan this with a scanner, a paper scanner, and then now it's digital, now it's electronic. So it's as bad as if somebody had sent this across the, the wire, across the internet, and it landed in this server and it's sitting there and in a file system and a on a share that's openly accessible to everyone. So they had inadvertently misconfigured the permissions or they had done it. This is what you find, where they had made it overly permissive because they were testing things like oh okay, we got to make sure, we got to make sure it works, we got to make sure these files are readable, and they can be. They can be landed by the scanner into the this directory.

John: 5:18

Um, well, they forgot to turn off the everyone group so that everyone can go and read this year, right, and so that's where, being offensive and finding this, I was like, oh crap, right, like wow, this is a treasure trove. If a bad, a bad person, bad guy, found this, um and were to try to exfiltrate, now they'd have to be on our network. It wasn't like it was open to the world, to the internet, but still it's. It's still a risk. And if I were a adversary and I'm inside your network and I'm probing and looking for suspicious or or bad things, then, um, there are things that are juicy. This was, this would be the mother load. Right Now, shut that down. Right, talk to the the it support for that. And um, they had said the vendor had came in and did testing and they and they enabled that and forgot to turn it off, off, um. But that's what happens.

John: 6:16

And here's the thing. Here's why my pitch about learning these skills is very important and how it makes you a better defender. Is that guess what? You would never, ever, at least in this current times, have an alert that would let you know that that was openly accessible. Like you're not going to get a, a edr alert that says, oh hey, this person made this file share, added the everyone group. That doesn't happen. I'm here to tell you that doesn't happen, right, so you wouldn't know about it. Maybe, until the worst case scenario, somebody's already grabbed data and now they're trying to exfiltrate it. Maybe you get an alert then, right, and now they're trying to to exfiltrate it. Maybe you get an alert then, right.

John: 7:09

So, switching that mindset to hey, we got to move, we got to be proactive and not wait for the bad things to happen. That if, if I was only being defensive minded, I'm just waiting for some incident to happen, I'm just waiting for that to, to, to be exploited, and then I'm reacting, versus moving to an offensive and back and forth to look for those bad things, kind of like. I think I've called this before You're checking the locks on the doors, you're checking the windows to make sure they're locked. Hey, you go around, let's make sure things are locked, okay, good, good, let's move on right and we're going to talk about why. You know, what do you get out of this? You know to kind of back this up, but this is a good story to kind of share in my experience how I've used this, this mindset and these skills yeah, no, I completely agree.

Steve: 7:56

So, and it's you know, we can talk actually about our first point here offense informs defense, right. So in order to defend something, you have to know how it can be broken, right.

Steve: 8:09

But again going back to the series, if you know how to build it, and you know how to secure it, then you have way more information under your belt when it comes to hacking and even when it comes, you know, like I said, defending it. So understanding, kind of like some of the offensive tactics that directly can affect this vulnerability will help you when it comes to defending it, or just knowing what is possible and kind of what are the things you need to look at and what are the things you need to be aware of of potential attack vectors, ways somebody can come after certain uh systems. Um, you know, whatever you may have in your organization that is sensitive, that you, that you're trying to protect. So by by knowing how to go through these steps of hacking, of um, attacking, say, you are just better equipping yourself with tools.

Steve: 9:06

So, um, and speaking of tools, there are tools that you can use that can kind of help you. But you've talked about metasploit, john. We have here cobalt strike or even just basic port scanners that a someone starting or even a seasoned penetration tester will use to understand, kind of you know, what they're going after, their targets. So, yeah, any any thoughts on?

John: 9:33

that. Well, one of my favorite tools of all time is nmap and I remember when I was using nmap and and I remember like the it group was like you're M-Mapping the network? Yeah, like I want to find things. I've got to find what's out there, right, know your network. But it has some offensive capabilities. But, yeah, there's a ton of obvious. The good news is there's a ton of training available on learning offensive skills that you can go.

John: 10:06

And we've talked about different platforms. All the same platforms have an offensive tree, right, think about hack the box, right, that's all about really offense. But instead of thinking about it as like well, I'm not going to be a pen tester, maybe you don't want to be a pen tester. Or I need to only focus on defensive skills because I'm going to be working in a soccer, I'm going to be an analyst. My thoughts is like, hey, no, go learn those as well. Don't think about it as well. If I'm not going to be a pen tester full time, I don't need to learn those things. Think about it as well If I'm not going to be a pen tester full time, I don't need to learn those things. Use those same tools and platforms in both sides to see how your tools you know, see how things detect, learn how things, how a bad guy would use those tools to do recon, do exploitation right, do you know? Do exfiltrations, those kinds of things, like learning how they work to to put the hat on of like. Well, now, how can I make sure that I could learn how to detect and how would when an incident happens?

John: 11:15

And this shifts into the second point of like, adopting that offensive mindset but using that, okay, an incident's happening? There's definitely many times where an incident's happening and I'm thinking, okay, what would I do next? Or how would I have gotten in if I was on the offense, right, because a lot of times you don't know how they got in. It takes a while to figure that out. And what they did? Did they fish somebody Right? Was there a vulnerability? To figure that out, and what they did, did they fish somebody right? Was there a vulnerability?

John: 11:47

So you start literally switch back and forth between, okay, now I'm gonna put my hat on, of like, if I were trying to take advantage of this weakness, whatever, how would I have done it? How would I have gotten in? How would I move laterally? What am I doing here, right, so that the offensive mindset right, being able to think from defensive to offensive just kind of backing up this point of we are so defensive minded in the SOC and sometimes it can be a little depressing.

John: 12:21

Sometimes you're just always reactive and just like, well, we're just waiting for the next thing to happen, right.

John: 12:29

That can be be a bit repetitive and be just like you're like the fire department I say, a lot of times you're kind of waiting for the next fire or the next call, and even in a fire department they train department, they train for those events, so they're being proactive by training all the time for those things. But this switch is like I call it the default aggressive mindset right. Being proactive is like you're not just always waiting for the bad thing to happen. Now you can switch to to you're literally mindset switches from waiting for bad things to let's go find things. That is a big deal, it's a big mindset switch, um, and it gives you like it's like a breath, breath of fresh air like hey, yeah, let's go, I want to go find these things before bad guys do it. Just, it's just a and I really think it's helpful and healthy for folks that are always on the defense. Not only does it make you better, but it also helps you out a lot because you're able to just get out of that defensive always mode.

Steve: 13:36

Yeah, no, I agree, and I think it's very valuable. We've seen it right. We've seen it with how we help train our teams, and it's something that you know since I've known you, john. That's something that you've always said is you have to be a well-rounded security professional to be successful. I mean really, you do Really. You do no-transcript. So in order for you to be a just well-rounded individual, you need to have both sides you know, defend and attack.

Steve: 14:25

And it's you, I mean.

Steve: 14:27

I think what you said just hits the nail on the head.

Steve: 14:29

Sometimes it can get a little boring.

Steve: 14:30

You're just waiting for the next thing to happen, right, and you're doing your organization and your team a disservice by just hanging out and just waiting, right, your team a disservice by just hanging out and just waiting, right, when you can be proactive and you can switch the hat to help you build your skills but also help your organization because, like you said, you want to find the holes, the gaps, the vulnerabilities before the bad guys do.

Steve: 14:56

And it's just overall gives you a better sense and just more knowledge about your actual environment, because that is the key thing, right, you need to know what's under every rock, what's around. You need to have a full understanding of really what's in your environment and by going on the offensive side, you get to see more and you might even discover things that you weren't even aware about, that you were supposed to defend, or that even existed, that someone forgot about and just left on for years. And hey, that wasn't on my list of systems to defend, to to run for vulnerability scans on that, that's not on this ip list or whatever, and that happens all the time.

Steve: 15:41

So, you know it has a lot of perks for you as an individual, but also for the organization that you are defending, so it's very important for sure.

John: 15:51

Yeah, I agree, and I think that it's fun right it's?

Steve: 15:56

fun.

John: 15:57

I mean, everybody wants to be a hacker. That's why you get into this a lot of times, you know, maybe not everybody, but I think I enjoy it, and I enjoy being able to switch back and forth between the two. I think the case of some people may say, hey, well, I'm going to go deep in one or the other. I can only be an expert at one thing, which that is true. I think being more well-rounded is what has worked for me. You may not want to go that path. You may want to be like the expert in whatever you know, this thing, and that that is okay as well.

John: 16:44

But generally, from what you would need in a person, an individual that you're going to hire on your team, the well-roundedness makes you more marketable. Right, we're going to talk about that is like, hey, I'm not just hiring a person that is a defense only person. That's all they know is defense. They, they do a great job at that. But oh, also, they understand some offense and I could maybe give them some things and we, we do that on our teams, like we do have our, our team members like, hey, if you want to do both, you want to help us with a pen test. That's great. That's going to make you better and us better, right? So you know, if you're going to go sell yourself steve like I'm, I'm coming in, I've got my interview and I'm not just just defensive. Only how does that help you out?

Steve: 17:38

oh, that is, that's huge um. So, if I you know, in the past we've been looking for mainly people to come work in the sock and I have one individual in mind. Um, his situation was a little bit different but anyway, he came in for a just sock position, interviewed well, we really liked him, personality wise, um really was going to mesh well with with our team, um. But we noticed on his resume and even he told us in the interview that his passion really was on the red team. Right, that's just, that's just where where his passion was. So we hired, he joined our team and he was killing it in the sock, just defending my defensive mindset. He was picking up all of our processes, procedures, our toolage, like he was. He's a rock star and you could just see the hunger in this individual as well.

Steve: 18:30

We didn't have at the time a specific red team or pen testing team that we could say hey guys, can you guys help us out with this? I don't know if also just the funding wasn't there for us to go external to an external group or whatever, but for whatever reason, we needed to figure things out internally with the experiences that we had, the fact that this individual's passion relied on just hacking red team pen testing and he was continuously upping his skills on his own time, but also, you know, bits and pieces during regular work hours. Wherever we could, we could give him opportunities. When that time came that we needed someone to do that, he killed it. I mean he had, he had this experience already, his passion, and he teamed up with someone else on our team as well who kind of had that same same passion, and I mean, I was, I was surprised about how well it went and how just knowledgeable this individual was with the first pen test that was given to him.

Steve: 19:42

And well, these two, these two individuals, but we knew, we didn't know at the time of hiring him, we didn't know that these new requests, requirements, whatever you want to call it, we're going to come down the pipeline and we were going to need someone like him.

Steve: 19:58

But because he just had that skill that just set him apart from everybody else who we were interviewing, because, again, you're not only getting someone who's just focused on defense, but you're also getting an offense individual and, like we're talking here today, we believe that, in order for you to be a more valuable person, right, someone that organizations will look at and say again this guy is not just good at defending, but he's good at also offense and attacking. So just by him having both of those skills and just that knowledge, that made him, in my opinion, to me personally, to us more valuable than others who just had defensive sock experience whatsoever. And it turned out to be perfect because we ended up needing that kind of knowledge and he came in, stepped up to the plate, killed it and yeah. So any thoughts on that, john?

John: 20:56

yeah, no, I mean we and um, like he didn't have actual real world offensive.

John: 21:03

He's never done a pen test before right, right right so it wasn't like he came in and he's like, oh, I've done 10 pen tests, whatever. It's like, no, he had trained, he had, he had certification or at least a certification. Um, but it was in the back of our mind of like, oh, okay, maybe we, we might could use him for additional things, to do pen tests if he's interested. And you know, imagine you're in sock and you're like doing sock stuff which, look, I love the. But someone's like, hey, you want to do a pen test? Heck, yeah, you're right, let's go Right. So, and I get it.

John: 21:42

It could be a little overwhelming. You're like I got so much to learn already. I got to learn how to do a sim, I got to learn how to do forensics, I got to learn how to do monitoring and response and all that stuff. And it's not, it's always learning, right, we're always learning. It's just a continuum. You don't have to have this to like get your first job. Necessarily it can help, but it just for me, it's just this mindset of the build, secure, hack mindset, right Is. These are pillars of training and skill sets that you can continue to work on and shift between them. Right, okay, I'm gonna work on you. Sometimes you just get bored working on, just just, uh, learning defensive skills. Hey, let's switch it up. I'm gonna go learn how to build something today, all right, great, I going to go learn how to hack into that thing, right, like, these are just continuum, a continuum of shifting between these modes. That it's. It gives you some variety, gives you some it's. It's going to make you better. That's kind of the whole pitch behind this framework. Is it's going to make you better? It will make you better? There's no, my mind. It will make you better, a better operator.

John: 22:57

And when I say operator, I'm like, I'm thinking about it. It's like, hey, you are a professional, you are a security professional. We, you are an asset to your team. Right, that you're bringing to a team. Like you know where, we know. Hey, we're looking around for who we need on this task. We're looking around for who we can bring in to do this thing.

John: 23:18

Those things happen all the time and the better skilled you are, the more tools you have in your tool bag. That man we're like oh, thank goodness, we got so and so let's put them on it, right? That's why I think marketability. Again, it's like how, when we are hiring people, we think about what all can this person bring to the table? That's in the back of our minds. It might not be the first thing, that's like in the list of what we're looking for, but it is in the back of our minds, like, oh, this person can also do this. Oh, this person can also do that, right? So I think that's really the whole pitch. It's how I think this is a great mindset to shift through and work through and learn from.

Steve: 24:06

Yeah, and there's just a number of other things. You said something I want to come back to. But just kind of wrapping up, kind of just the offensive mindset, right, people who tend to be on the offensive side of things tend to be very curious individuals, right, they tend to be kind of creative because they have to find ways. They're like problem solvers. They have to find ways to get to the crown, jewels per se. They get to the finish line and as they're scanning an environment, scanning systems or whatever, they're hit with obstacles. Well, they have to find ways to get around those obstacles, right.

Steve: 24:44

So they just kind of have they do, kind of have this different kind of mindset on how to approach a problem, how to solve for a problem, how to get to the finish line? So, that does play a huge part when it comes to defending. So just that mindset, being able to have that mindset, is very valuable.

John: 25:07

All right that's all I have to say about that. No, that's great.

Steve: 25:10

One thing you were talking about is just more marketability and how you know if listeners have been listening to us right, we're just giving them all kinds of information to help them reach their goals and get to their their finish line in their individual journeys right now. You know, we've been working with a number of individuals. Right now, things are looking very tough and just the just the workforce, right, there's definitely a lot of individuals who are now looking for jobs, looking for opportunities, and the number of opportunities is has either stayed the same or has actually shrunk. So you do have to do things to set yourself apart, like the times of like hey, I got certifications, I'm just going to wait and all these jobs are going to flood my inbox. Unfortunately, those times are no longer here. We may get back to that at some point, but right now that's not the case.

Steve: 26:08

So I've been telling everyone that I've been working with right we have to go above and beyond. We have to go one step more than what we have been doing, because it has gotten very competitive out there in the workforce. You do have to sell yourself apart. I get it.

Steve: 26:27

Like you said, john, it might be a lot on your plate. There might be a lot that you are already trying to tackle and get through, but we have to take that other, that, that next step, and just go a little bit deeper into something. And offensive skills is definitely an area that will benefit you in the long run and will benefit you tremendously when you're up against other individuals who may have similar certifications or similar experience than you. And then that's where they stopped, but you did not. You kept improving and you kept kind of adding to to your arsenal per se. So it's definitely something for you to consider and think about, because times are changing and if you are trying to get your foot in the door and you are trying to get in those positions, you have to do more than we've been doing before, and this is just one great area for you to explore.

John: 27:17

So, yeah, yeah, I agree. I would say like imagine you're sitting in an interview and they're like hey, we know you're applying for this analyst position. Why did you take this course on offensive? What motivated you to get this certification in offensive security, whatever, and you're like well, because I wanted to be a better defender and I wanted to be able to be more well-rounded and I wanted to have those skills to understand how attackers operate so I could be a better detect.

Steve: 27:49

Detect, those, those tactics and techniques, boom, drop the mic seriously because, as as a hiring manager, right there, you're showing me that you're not just in the now, you're thinking about the future and you're not just thinking about oh, just again, tunnel vision.

Steve: 28:06

You're thinking about the bigger picture, a bigger picture at that point, and yeah, I mean you're, and you're also showing that you're looking to improve yourself. And you're also showing that you're looking to improve yourself and you're looking to become a better security professional, be more well-rounded, I mean. All those things are just dude, check, check check, check yeah.

John: 28:25

Yeah so yeah, last thing I'll say on that, on just this people getting in the tunnel mindset is people get in the tunnel mindset is I've been to many conference talks and like listening to a speaker talk about whatever the latest, greatest, maybe defensive topic and tool, and I'm sitting there thinking like this person has no offensive skills, like so they are very focused, all blue team, all blue team. And then I'm just thinking back and forth of, like well, this is what the bad guy's gonna do to get around that, or this is what the bad guy's gonna do to they just don't have that skill to pull from, and and being able to have these skills, like I said, is gonna make you better. It's definitely gonna make you better. Um, so, last last piece to wrap this up you, you know we talked about how to learn these skills. There's a ton of, there's definitely tons of tools. Try Hack Me, hack the Box, right, you know you can think about where you probably go to learn your offensive skills and then move those to I mean defensive skills, and move those to oh, they probably have an offensive tree as well the TCM Academy. Right, they're mostly offensive. They've added more defensive stuff too, but those are very good and you know they're just. I think they do a great job of giving you hands-on as well.

John: 29:51

And in your own lab, as we've talked about with labs, you you get to practice to build the environment and then you can build the monitoring the defensive side of how to monitor for that environment and then hack it. You know you have your lab and then just go attack. Go attack it and see what happens and run through walkthroughs in those vulnerable environments or vulnerable machines and then go back to defense. Okay, how did my defense, my detection, work? Did it work? Did I get logs for this? What do the logs look like? Right.

John: 30:29

And then you build the next thing and so get more experience back with building and then you again do detection. Maybe you add more detection or you try different tools. Oh, I tried this tool versus this tool right. And then you hack it and attack it again right. So you can do all this even without going through a training program. It takes drive and determination and some know-how as far as, like, you can get all this stuff from free, like, hey, let me go download some vulnerable, vulnerable things. Maybe you go watch some videos on on how to build those out or how to do the detection, but it's all free, really. And um, and you just recycle through that, right, your lab can be this test bed of learning all three of these fundamental foundational principles. So, um, and we'll add some things to the show notes to help back this up, but, um, yeah, this is it. This is like the build secure hack. I think this is going to be a t-shirt. What do you think, steve?

Steve: 31:31

I. I think we should speaking of. Did anybody notice my polo?

John: 31:36

I know, I know that's a beautiful polo. You got there, steve. The logo on there is amazing oh, we're sponsored by adidas psych. I wish, I wish, I know if you, too, could have this polo that steve's wearing today. If you can't see if you're on audio, only steve has a fabulous looking it's fabulous polo with uh, with our logo on it.

John: 31:57

Um, if you check the show notes, we have a little swag link the swag store a little. Uh, you know, we got shirts, we got hats, we got mugs, yes, stickers yeah, yeah, we're out there.

Steve: 32:09

You want to uh, support the podcast? We appreciate it.

John: 32:13

Yeah, also, I would love to see some pictures of you just you flashing your swag that'd be cool showing it to the world my dream is to how was I gonna say no, go ahead it's step one of world domination, that's right yeah, my dream is to be walking in a conference one day and see people wearing our stuff. It's like oh look, I see you, I see you?

Steve: 32:33

Oh, that would be amazing that would be awesome.

John: 32:37

No, well, that's it. Just thank you guys. You know we just kind of covered, right why this offensive mindset switch is important, how it's going to help you be a better defender, why we think the skill sets matter, how that switch from being reactive all the time to now being proactive is important. And how it's going to make you more marketable, right. How you're going to be able to sell yourself better having these skills.

Steve: 33:06

And, like always, we will be sharing a bunch of links and just resources to, like John said, back this up to kind of help you guys go through that, building those skills and that kind of mindset switch, like John was talking about the way of thinking for an offensive individual. So, yeah, please let us know what you think, if you have any comments, questions. But other than that, I think that's a wrap, john.

John: 33:30

Yeah, Just last pitch. If you want help and you want to dive deeper, if you'd like us to help you out again in the links, reach out to us, contact us. We can set up some time to help you build these skills up. So, thank you, guys, We'll see you, thank you.

Steve: 33:52

Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.

John: 33:57

Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.

Steve: 34:07

Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Higuretta. Thank you for listening.