YinYang

The YinYang philosophy says that the universe is composed of competing and complementary forces governed by a cosmic duality, sets of two opposing and complementing principles or energies that can be observed in nature. Similarly, the nature of offensive security requires a balance of proper mindset and technical expertise. To truly master this security discipline, you must learn to balance and draw from different sides of your life experience, including the psychological aspect as well as the ones and zeros.

Jeremy “Harbinger” Miller is an InfoSec professional primarily interested in how security skills are taught, learned, and applied by individuals and organizations. He is currently the Product Manager of Content Development at Offensive Security. We catch up at the bar to discuss his unorthodox path into InfoSec, his background in teaching martial arts, the true meaning of OffSec’s mantra, “Try Harder”, and the importance of counterbalancing mind and technical skills.

SYMLINKS
LinkedIn
Twitter
Hashnode
Offensive Security
Burn Your Boats
NorthSEC
Brewskey Pub – Montreal CANADA

DRINK INSTRUCTION
YIN YANG MARTINI
1 oz Stoli Vanilla Vodka
1/2 oz Godiva White Chocolate Liqueur
1/2 oz White Creme de Cacao
3 oz Vanilla Ice Cream
Blend all ingredients for 15-30 seconds in a blender. Pour into a 10 oz chilled martini glass to the rim. Garnish with dark chocolate shavings in the shape of a YinYang. Place 1 white chocolate disc on the dark side and 1 dark chocolate disc on the white side.

CONNECT WITH US
http://www.barcodesecurity.com
Email us at info@barcodesecurity.com

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.

Chris: Jeremy Harbinger Miller is an InfoSec professional, primarily interested in how security skills are taught, learned, and applied by individuals and organizations. He’s currently the product manager of content development at Offensive Security. Jeremy, welcome to the BarCode, man.

Jeremy: Hey Chris, thanks for having me.

Chris: Absolutely, man. You’ve taken a pretty unique path that has led you into InfoSec. And if you don’t mind, I’d like to start this. And just talk to me a little bit about your background and your journey into the industry.

Jeremy: So, yeah, like you said, my background is pretty unique. I think I actually wanted to be a lawyer originally and I worked for the lawyer.

Jeremy: The lawyer was great. I really enjoyed working with him. But the one thing I learned is that I don’t want to be a lawyer. I was studying philosophy because I thought that, you know, it would lead into law. You learn how to argue, you learn how to think. So what does one do with a philosophy degree? So they don’t want to be a lawyer?

Jeremy: Well, I really liked logic. I liked logic and then intermediate logic intro to computation. How, how computers and logic are very similar and that led me into AI, artificial intelligence. And it turns out that artificial intelligence just needs a lot of math. And I, I was not, I did not consider myself a technical person at the time.

Jeremy: I struggled with math in high school and in college. So I thought, ah, this is not for me. I can’t do this. Which as we’ll talk about later, it was really ironic. But, but at the time I was working with. A short interning rather for a company that was doing research in artificial general intelligence.

Jeremy: And one of my mentors there said, do you know what, think about information security. And I said, huh, I’ve never thought about information security. Why would I, why would I do that? And he said, well, in AI and in InfoSec, you’re thinking about other agents, you’re thinking about other people that are possibly smarter than you.

Jeremy: How do you deal with somebody who is, is trying to address. And I thought, yeah, that’s really cool. So I looked up, hey, how do I, how do I get into information security? And I stumbled on offset con offensive security.

Chris: This was through your own investigation.

Jeremy: Yeah. Through my own, my own research. I literally didn’t know anybody in the field.

Jeremy: I just Googled it up and then said, oh, there’s this certification and it’s hands-on. And you learn while doing. And it’s really hard. And I thought, okay, I’ll just, I’ll just do that. So I signed up for PWK, Penetration Testing with Kali Linux. And I obviously had no idea what I would be in for. I didn’t know how Linux worked or networking or any of that.

Jeremy: So to say that it was a struggle is an understatement. I spent many, many, many, many, many months in the labs, just not even hacking machines, just trying to figure out like what a machine. I, I had to ask a lot of help from the student administrators who are now very good friends of mine, of course.

Jeremy: Cause I’ve, I’ve been working there for many years, but finally, after many, many, many months I eventually passed the exam and I was really, really super lucky because after passing the OSCP exam, you get access to an exclusive forum of all the other cert holders. And at the time this was, this was years ago, like six years ago, OffSec was really small.

Jeremy: I think they were less than 15 people. The only way that you found out about job roles was, was through just do this forum. There was no website, like there is now there was nothing. Right. And so they happened to be an, a posting for a student admission. Who are the guys and gals that help students day-to-day help with tech support, help with mentoring.

Jeremy: And I said, look, I don’t know anything except for what you’ve taught me which makes me a perfect candidate, because you can only be however you like. And they, they accepted that argument and they hired me. And here I am today.

Chris: Yeah. It’s definitely an unorthodox path. I’d say. Yeah, typically it’s much more methodical and so.

Chris: With that influx of information that you were absorbing at once, you say you were immersed in lab environments, learning Linux and learning, you know, command line syntax, taking all of this in at once. I’m sure it was stressful for you too.

Jeremy: Yeah, it was, it was overwhelming to say the least the first three months were, were really, really hard because I didn’t even know what I didn’t know at all.

Jeremy: I should say I did have before starting with PWK, I did spend a year doing sort of like a digital forensics certificate at another college, but it really wasn’t very technical. It was, it was very theory driven. So that helped a little bit to sort of ground me. I knew a little bit of programming and like I said, I came from, from studying logic and philosophy and that, that helped a lot just understanding like how things can flow.

Chris: I see. So how did you stay regimented mentally and just not to get out by terminology or, or theories, because again, typically these are skills that you have to develop over a longer period of.

Jeremy: Yeah, I think what kind of helped me a lot was knowing that I didn’t know what I was doing. And I would only find this out later when I became a student administrator myself and helped other students who did come in with a background that’s, you know, as you said, much less unorthodox you know, people would come in and they’d have some experience with programming or system administration, and they get stuck, and they’d get frustrated.

Jeremy: I had the advantage in a way of knowing. Not caring if I was frustrated or stuck with something, because the only place to go is up. Like the only thing that I could do is, is learn a little bit more, whether it was useful for pen testing or just something general about technology or about how I learn or whatever it was.

Jeremy: I tried to take every opportunity to learn something. And I can’t tell you that I was never frustrated. That’s never how this works. But I think that I had, and currently still do have, a very good means of transforming frustration into productivity.

Chris: Do you feel like it’s almost like you have nothing to lose?

Jeremy: Yeah. Yeah, exactly. That was it. I want to say, I want us to have more to lose now. So it’s, it’s almost harder in a way, but back then, I almost, I kind of painted myself in a. Intentionally like backed myself into a corner so that the only thing that I can do cause I was getting out of university I had to find a job and I said, okay, I’m going to do this thing.

Jeremy: And then I got to go get a job. And so that’s, you know, that’s what I had to do.

Chris: It’s, it’s interesting the way that psychologically, that works. And to think that if you can place yourself with that mindset, no matter where you are in your career, and it’s proven to work. I wish it were as easy as flipping that switch, but again, like you’re accredited at this point.

Chris: Like you do have something to lose, but you know that if you flip that switch, the outcome will be better.

Jeremy: Of course, since we’re, since we are recording live, I of course forget the reference, but I know that there was, there was one military leader in history who burned his own. So that is his men couldn’t get back on the boat so that they had to advance.

Jeremy: And I, I really don’t remember who it is right now, but I’ve always liked that image. And I found it very useful as a, as an individual tool for yourself. Not maybe the most mentally safe thing to do, but it’s effective.

Chris: Yeah. I mean, and that’s what you need is, is effectiveness. And you have to figure out what works for you.

Chris: And if you’re, if you have nothing to lose a lot of the times, I think you’re more receptive to information that you’re taking in. Yes.

Jeremy: The other thing that I’ll say is that I really was fortunate in that I had the luxury of time. I really was able to, my parents were supporting me. I was able to sit in the labs eight to 12 hours a day for months and months and months.

Jeremy: And I was comfortable. I didn’t feel time pressure. I didn’t feel like I had to do this right now. I, I said to myself, you know, I’m going to do this well, and it’s going to take me longer. And I was watching students come in and outpace me and I tried very hard not to let that get to me. But I was lucky that I had a lot of support from my parents, my friends. My friends were like, what are you, what are you doing?

Jeremy: I’m like, I’m learning how to hack. Like what, why

Chris: Did the lab format at the time help?

Jeremy: Yeah. Well, yes and no. What, what helped me was. You asked for copies structured. I had a whiteboard and I still have a picture of it. I could send it to you later. I had a picture with all the hosts names of the machines, and I would, I would, you know, check them off when I got them.

Jeremy: And that like every day I’d wake up and I’d look at the board and that really, really helped me, you know, keep motivated and disciplined with what I was doing. And it took a long time to see even one check mark on the board. But I remember that after I got, I think like nine, then they started.

Jeremy: And then it was like, oh, okay, I’m starting to get this. And then of course you stall it around. I don’t know, 30. Cause then the machines get harder and harder. But yeah, he is having that, having that sort of visual reference. Yeah.

Chris: Yeah, exactly. Yeah. Yeah. Something else unique about your background is that you have a martial arts teaching background and experience as well. And I am in no way, a martial artist myself, but I’m a fan of the sport. I’m a combat sports fan in general. And I think it’s fascinating that a lot of security professionals share that passion. There are definitely some, some parallels to be drawn.

Jeremy: Oh, yeah. I can, I can wax on for quite a while, but the parallels I see between the two I do think, I do think that like, if you take any two disciplines and someone is a practitioner of both, they’ll be able to draw analogies.

Jeremy: That’s just like how, how, like the human mind thinks. But for me I think specifically with offensive security, meaning like, meaning the discipline penetration testing, not, not the company. There are a few things, a few things that I would highlight. Number one is just the mindset of, of engaging with another person or giving respect to that opponent.

Jeremy: And I don’t mean respect in the sense of like being nice to people. Like, obviously that’s important in martial arts. That’s a huge tenet of like, you know, in, in, in a lot of East Asian martial arts, you bow and Brazilian jujitsu or boxing, you pop hands. So that’s obviously important to them. I’m just not talking.

Jeremy: That’s not what I mean right now. What I mean about respect is understanding that your opponent has a game plan and that they’re smart and that they’re trying to beat you, just like you’re trying to beat them. You’re not, you’re not fighting a robot or an automaton. You’re fighting someone who is actively engaged in fighting you.

Jeremy: And so, once you can sort of realize that there’s a mirror of your own mind and there’s that’s where the fun. And now you don’t get to see that, like, at least in my case and in my experience, I don’t think I recognized that until many years of, of being a martial artist. I started when I was six.

Jeremy: And I think maybe I was only, I was only smart enough to sort of recognize that when I was, when I was in a house. Right. So, so many, many years later. But yeah, that, that, that first thing translates to cybersecurity, of course, because as an attacker, you have to think, not only Hey, but there’s also this machine that I’m at.

Jeremy: But there’s a human that actually developed the machine. They programmed it, they made it work. They have certain motivations and certain incentives. What are they, how can I abuse those? And that flip-flops on the defensive side as well. Because as an offender, you’re going to look at your network and go, okay.

Jeremy: If I were an attacker, what would I, what would I want to do? Why would I want to be engaged with my network? What could I gain if I were the attacker? And so I think it’s very important in both combat sports and martial arts to think about the opponent and to, like I said, I don’t, I don’t think I have a better word for it, to give respect to their mindset, to their point of view.

Chris: Yeah. I mean, how many, how many fights have you watched where the, the favorite to win that match underestimates their opponent and it, and it’s like you never know. And, and I think one of the main differences is here. You can’t do recon on your opponent. You have to assume they know. Yep. You can’t watch film of you know, cyber attacker, because you don’t know who’s coming at you.

Chris: Right?

Jeremy: Exactly. But imagine if you could though.

Chris: Yeah, yeah. You just have to stay on top of the threat landscape and what attackers are doing. Right.

Jeremy: That’s exactly right. I mean, you have, you have sort of the aggregate. That’s why you see it, you see things like, like MITRE come out where you can say, okay, how do most attackers right.

Jeremy: Right. Is every attacker going to fit that model? No, some are going to do their own thing and you’re going to look at it and be flabbergasted. And those are the attacks that unfortunately ended up working. But I think as a community, we’ve done a very good job of sort of figuring out like how in general do attackers and defenders work.

Jeremy: I think the field has evolved a lot in the past six years. I can’t say much about what came before. I don’t know. But definitely what I’ve seen in the past little bit has, has been an evolution in terms of like, how do these different mindsets work and how do they interact?

Chris: I want to switch back to OffSec for a sec.

Chris: You’ve had multiple roles at the company, and you’ve got to really witness the evolution of the student training model and in the cybersecurity field and how to optimize training. And like you have been in martial arts for, for so many years. Were you able to apply any of those attributes of training and developing others in martial arts over to OffSec?

Jeremy: Yeah, so, so I should start off by saying I have taught martial arts for many years. After I became a black belt in karate. I started teaching for my teacher at his dojo. And I did that for eight to 10 years, something like that. So I’ve instructed children as young as four and adults as old as 64. So a very large range of people and definitely that helped both as a student myself when I was learning.

Jeremy: But then also as a student administrator, as a sort of sort of teacher, it’s not quite the same thing. You’re not teaching in the sense of saying, okay, let’s sit down and have a lecture, but you are guiding students through the process and trying to help them without being too explicit about it. So that’s my background.

Jeremy: They are. And I, I will say that that has colored the way that I’ve interacted with students significantly. I think compared to many of the other student administrators that joined me, you know, they, they came from a much more technical background. And so, they, when they’d help students, they’d have sort of a lot more confidence in their foundations.

Jeremy: Whereas for me, I would always go in sort of recognizing that, hey, you probably know more than me in a lot of ways. What I can do is help understand, help you understand how you’re thinking about the problem and help you with your mindset and your sort of psycho psychological engagement. I. I always found it very valuable and important for the student to sort of, at least in my own head, recognize that, hey, I’m, I’m not going to be an expert in, in especially like the foundations of the technology.

Jeremy: Cause that’s my background that I just want to make sure that that’s out there as I’m expressing this, I think. One of the most important things as a penetration tester. And I don’t know if this translates to the defensive side at very well, it probably should, but I, I just don’t have the experience myself.

Jeremy: But as a pen tester, I think it’s really important to recognize that you are a thinking machine in the sense that the way that your brain is working, the way that you’re thinking through the problem, isn’t, and it will never be, perfect and sort of recognizing your own flaws, looking at yourself and going, okay, I have this machine and that my goal is to attack the machine, but a secondary and almost more important goal is how am I going through this process?

Jeremy: And the reason I think that’s important is because hacking is or information security in general is an exercise in uncertainty, reasoning under uncertainty. Because if, if you knew everything that there was to know about the machine, then there wouldn’t be any hacking to do. You would literally, you would sit at your terminal and type the specific command or the specific code that would get you that should the shell.

Jeremy: And that would be it because you already know everything there is to know about the machine. So the very fact that hacking is a thing that like it’s a, it’s an activity that can be done exist only because there is something that someone does. And so recognizing that in yourself, that approaching the problem with some level of like epistemic humility and saying, okay, I obviously don’t know everything about this machine cause I can’t hack it right now.

Jeremy: So what do I need to learn about it in order to, in order to make progress on it? I think that’s really important. And that’s not, that’s not, that’s not a mindset that I think most people start out with.

Chris: Yeah. I love that you pointed that out. To me, I envisioned the yin-yang concept. Right? It’s the interconnection and counterbalance of the proper mindset and technology.

Chris: Because if you think of it only as technology, that’s problematic. Right? I mean, you and I both know that there’s no black and white manual for pen testing or even hacking. So yeah, understanding that I think is a requirement. Just becoming great at it.

Jeremy: Yeah. And I, it is, I think you’re absolutely right.

Jeremy: That it is a balance. Like I think one of my own failure modes is I think like, oh, if I have the right mindset, I can do anything. And that’s kind of true, but it takes a really long time and it’s not efficient. I think you do. Roll up your sleeves and learn the technology and take the time and really engage with this stuff.

Jeremy: It’s not just, okay, I’m going to go hack a machine. It’s can I build the machine myself? I’m not going to go sit down and develop a website and intentionally put into vulnerability and then go attack it. Like, I think that that enterprise is really important. It’s not just, oh, you’d have the right mindset.

Jeremy: And there you go. That’s a super important key, but like you said, it’s not, it’s not the only thing.

Chris: And one aspect that I’ve always appreciated about OffSec is really the culture that you breed and the level of expertise that someone can achieve through that program by having that mindset as well within your curriculum.

Chris: What are some of the attributes that you personally want to see your students gain? Obviously, you have the certificate side, but I think that certificate, especially with OffSec certificates, represent a deeper set of skills and knowledge and again, mindset.

Jeremy: Yeah. So as I’m sure won’t be a surprise to many listeners.

Jeremy: We do have this phrase, this motto called try harder and it’s unfortunately been really misunderstood throughout the years. And, and we haven’t necessarily done the best job of explaining what we mean by it all the time. So the community has kind of interpreted it, and justifiably so. I’ll say a bit about what I think the interpretation is.

Jeremy: And then I’ll say a bit about, at least about what I mean by it. Not necessarily the company itself, but my own, my own interpretation. So I think it’s, it’s been interpreted to mean sort of elitist, kind of go bang your head on the wall until you figure it out because that’s the best way to learn.

Jeremy: And unfortunately, I think that a lot of our students have taken that interpretation and that’s how they think we want to sort of portray it. So when a student comes in, asks for help, another student might go, oh, you should try. But at least when I started and like I said, this was six years ago. The first thing, the first thing that my, my boss, my mentor, a student number, my mentor at the time said was never, ever, ever say the words try harder.

Jeremy: Right. Like we don’t do that. Right.

Chris: It’s intimidating.

Jeremy: Of course. It’s belittling, it doesn’t help. There’s, there’s never a reason to say that. I think that maybe, and again, this is, this is before my time, but many, many years ago when OffSec started. So starting, I don’t know, 2000, let’s say 2009.

Jeremy: Right. At that point, the only people OffSec was teaching was really seasoned pentesters. And so for that for that crowd sometimes maybe try harder as a joke as a, as a sort of, you know what, you can do this, you’ve got this, go try again. That audience might have been receptive to that, but as the information security community has evolved as we’ve had so many more people with so many more diverse backgrounds come in, I think that that has become less and less useful as the.

Jeremy: I can tell you that myself as a student, I never heard, I never heard anybody say that to me that worked for OffSec. And certainly, certainly, have never said that to a student myself. That all said, I think that the intention behind it from my perspective is still really important because like I said before, if you’re engaged with a machine and you’re trying to hack it or a network or an organization or a person or whatever, there is something that you must not know.

Jeremy: And by virtue of not knowing the only way for you to figure it out is to engage with it and learn more. So for me, try harder isn’t about just like literally banging your head on the wall and getting nowhere and getting frustrated. It’s about recognizing that, hey, this thing isn’t intended for me to hack, even though, you know, in a lab, in an OffSec lab or another lab, obviously the machines are created with the intention to be in how.

Jeremy: But let’s put that aside and pretend that it’s a real-world environment. In the real world, the defenders don’t want you to hack their machines, believe it or not. Right. So I think like giving we come back to that word, respect, giving respect to the industry in the sense of like, people are trying to design systems that are safe, that are secure.

Jeremy: And we’re trying, as pentesters, we’re trying to go in and break those things. That’s. And we let’s recognize that it’s hard. It’s not, it’s not, you know, this trivial thing that you just do. But it takes a lot of work. And one of the skills that it takes is learning when you’re stuck, learning when you don’t know something and trying to say, okay, I don’t know what to do next.

Jeremy: What are my options? What can I do? If your reaction to that situation is okay, I’m stuck, I gotta ask for help, you might gain the information you need to hack that, which is good. You’re still learning something, but you are not exercising the skill of what do I do when I’m stuck. And so for me, at least the object level the object level skill of like, how does this technology work?

Jeremy: How do I do a SQL injection on, on Oracle? Right? Like that’s, that’s sort of an object level skill, and learning that is good and useful and valuable. And, and everybody should go do that. Not at the expense of, I don’t know which type of SQL server is running. So I need to go figure that out. I think that that’s that second thing, that sort of meta-level skill.

Jeremy: It was like, I don’t even know what to do in this situation. That is in my mind, usually more important and harder to develop. And so when, when I think about try harder, that’s really what I that’s really what.

Chris: Yeah, a hundred percent. I can think back when I transitioned from IT into security in 2012, I remember looking at OffSec and I don’t think there were many other cert programs other than the OSCP and maybe PWK.

Chris: And I looked at it and it was intimidating. And then I heard the try harder mantra. And to me at that point, I took it in the literal sense. You know, in correlated it to the exam. And just didn’t fully understand that. What I understand now is that try harder really is a mindset of persistence.

Chris: Exactly. And it doesn’t leave you because if you ace that exam, that mantra is still the same, that mantra doesn’t change. And I think that I can respect that more now having been in the industry. Yeah, but again, coming in its yeah, you’re reading it more in the literal sense.

Jeremy: For sure. And I don’t, I don’t, you know, I don’t begrudge the students that I don’t begrudge people who are looking to get into the field and they, they go read reviews and they say, oh, let’s try harder thing is, is scary.

Jeremy: For sure. And so again, like I said, I think that we can do a better job of expressing what we mean by that. Maybe, maybe the literal words try harder aren’t the best ones to communicate this. There are probably others that can be used as well, but I think, I think your phrasing of persistence is really good.

Jeremy: Persistence, grit, determination all those others. Nice synonyms.

Chris: Yeah. And apply that everywhere. It’s just trying to improve and trying to get better. That’s how I see it.

Jeremy: There’s also a tendency to say, okay, you’re using these words like persistence and try harder and grit and determination. Are you saying that I should just keep working and keep, keep trying and try and to try and to try and not give myself rest.

Jeremy: And a lot of people interpret in that way, and that’s not the case either. I think you need to give your mind time to address. Two different stimuli. You need to give yourself breathing room and we all have a limit, whether it’s, whether it’s two hours or eight hours or whatever it is for you in the day, there’s no utility in pushing past that.

Jeremy: And one thing I don’t think we necessarily stress enough or pushing off is. It’s going to like you, this, this stuff is really, really challenging. It’s hard on the eyes. It’s hard on the body. You’re sitting down usually for most people for many hours at a time you’re hunched over looking at your screen, like give your body a break, give your mind a break.

Jeremy: Try harder is also about taking care of yourself in my mind.

Chris: That’s a great point. In terms of training methodology, we talked about certs, right? From your perspective, how important are cybersecurity degrees in 2022 versus, you know, bootcamps or even self-teaching? Do you feel like it has its respective place for aspiring professionals?

Chris: And how do you as an instructor pinpoint, or can you pinpoint, what will be the optimal way that a younger student perhaps can, can really kick off their career?

Jeremy: Yeah, very good question. I’m obviously biased working for, working for a certification company. So I will say this: when I did my degree in forensics, that was not a degree.

Jeremy: It was a certification program from a university. That was very useful for me at the time to sort of get my foot in the door and get just an overall view of the landscape, but definitely compared to PWK at OffSec, totally like totally different ballgame. The, the, the program that I did and obviously this isn’t to represent every certification or degree or university program.

Jeremy: I obviously I have no experience there, so I don’t know. The two in comparison, the two that I did, definitely different experience. The OffSec’s is much, much, much more hands-on, much more practical. The former is much more theoretical and, in some ways, for me, it was helpful. Any listener who’s spent the last 20 minutes listening to me probably got the feeling that I’m pretty theory driven and I am.

Jeremy: And so, you know, that’s not, that’s not necessarily for everybody. So for me, it was helpful. I think, to answer your latter question about how to get started. I think. Recognizing like the different career paths that you can get through and security there’s a lot. It can be overwhelming to say, oh my gosh, there’s pen testing, but then there’s whereabouts.

Jeremy: And then there’s red teaming. And if I don’t do offense, then there’s, there’s defense and there’s malware and there’s, there’s so many opportunities.

Chris: Is there an aptitude test in any way? Like can someone that doesn’t understand even the terminology. Is that something that you can help with sort of explain to them?

Jeremy: Yeah, so, so depending on when this is published OffSec may or may not be working on something to that point, I think giving people a sense of where they might want to go is important, but I also, I also think that, yeah, we don’t want to wallpaper up. So if you take an aptitude test from the start and you’re like, hey, I don’t know anything about information security, but the stuff sounds cool.

Jeremy: Tell me where I should go. That has value. As long as we’re saying, hey, do you know what? You’re not, you’re not going to be good at this, right? Like, cause if you take somebody like me, I’m not going to tell you that I’m a great pen tester. I’m certainly not. But if you told me in 2014 that, hey, you’re going to go learn hacking and you’re going to become a pen tester.

Jeremy: I would have laughed at you and said, no, I’m not technical. And today I do consider myself a technical person. So there’s this danger, I think, in, in, in walling people out and convinced and like telling people like, oh yeah, this isn’t for you. I think on the other hand, it’s much more effective to, to say, okay, you have these, these, and these attitudes.

Jeremy: That’s great. Your mindset may point you towards this, but don’t catch up that because you never know. Right. Give yourself the option.

Chris: Yeah. And with the evolution of our industry, we’re all pivoting in different directions on what, what we want to pursue, but just having something laid out that explains the different routes that you can take would certainly be helpful.

Jeremy: Yeah. Now Offensive Security does have a new program coming out. It’s called Learn Fundamentals, and it’s all about how I get into. How do I get into the InfoSec field? Learn Fundamentals will contain prerequisite courses for something like PWK and our recently released SOC-200 and WEB-200.

Jeremy: And the goal of getting students those skills, they need to then take those more advanced courses.

Chris: Oh man, that’s awesome. And it’s so much needed too. I mean, especially with these young students that have an interest in cybersecurity, but uncertain and unsure of what that really encompasses. Yeah. There’s often this idea of hacking and pen testing and offensive security in general, you know, being this enigma where it’s just unexplainable, unachievable and not knowing where to start day one.

Chris: And I think what you’re doing with that program is amazing and really helping to. The next generation of professionals in, in a much more pragmatic way than what we saw, you know, in, in our era.

Jeremy: Yeah. We’re really excited about it. I’m really excited about it. When I started, I know that I would have definitely benefited from this.

Jeremy: And I think that OffSec as an organization has sort of recognized that, hey, we’re not in, we’re not in 2009 anymore. People coming to us or. Susan pentesters they’re people from all walks of life, including, including technical things like IT and programming, but also non-technical people. We get, we get people who are from totally different fields that are starting to realize like, hey, I need to get a digital, digital skillset.

Jeremy: In 2022. So what am I going to do? And they look online, and they go, oh, cybersecurity is this big booming field. Cool. That sounds really awesome. It’s going to help the world. How do I get into that? And then they stumble on, you know, something like PWK and OSCP, and that’s not, it’s not entry-level in the sense of, of, you know, coming in from nothing.

Jeremy: So for a long time, we didn’t have, we use an OffSec. Didn’t have a. Anything to really say to that. So now we’re, we’re really excited to have this out there and have had a product for that, not audience.

Chris: And really quickly, can you point our listeners to the website or where they can find out more about the current offerings of OffSec and, and how they can reach you?

Jeremy: Yeah, absolutely. The website is www.offensive-security.com. And there, you can see all the different, all the different products, all the different courses.

Chris: Nice. Nice. Now, Jeremy, before you go, you’re in a Montreal area, is that correct?

Jeremy: I am indeed. Yes.

Chris: So since this is BarCode, I need to ask you if I were to visit and I’m looking for a place to have a drink after, you know, an OffSec bootcamp and I need to place the one wine where Montreal would you direct me?

Jeremy: All right. So, I, I’m going to give you the, the normal answer and the hacker answer. So, the normal answer is Brewskey. That’s a, that’s a great one, really, really nice place. One of, one of the CTFs that happens every year at Montreal called NorthSEC is right next to that bar. So, so it’s a great At least at that time of year there are definitely hackers around.

Jeremy: The hacker answer is I can’t tell you where it is because it’s a secret. But there’s this really cool bar in Montreal where you, you walk into this ice cream shop and in the back of the ice cream shop, there’s like a secret bar. But the cool thing is, is that if you go through the bar, then there’s a second secret bar.

Jeremy: And the second one only has mezcal and tequila. It’s really cool.

Chris: It’s layered security.

Jeremy: Yes, security by obscurity.

Chris: That’s awesome, man. So I love speakeasies like that. And if I go to a city I’ve never been to before, that’s typically at the top of my list is to find the best speakeasy. So I just heard last call here. You got time for one more. If you opened a cybersecurity-themed bar, what would the name be? And what would your signature drink be called?

Jeremy: Yes, I started, I thought a lot about this one and I don’t have a really great idea. I think it would go with like something really cheesy and nineties.

Jeremy: So maybe we’d call it. Have it all you know, black and green themed and then serve something with, I don’t know, Midori and Coke or something. They could really drink harder. Maybe you don’t want to say that?

Chris: No, no. I love that though. It could be super dark. It’s gotta be dark themed.

Jeremy: Yeah. Well the, the like cyber, cyber green matrixy stuff on the wall.

Chris: Cool man. So Jeremy, thanks again, man. I thought this was a great conversation and I’m, again, really appreciate your efforts at Offensive Security. I think it’s moving the chains forward with the aspect of cyber security training and yeah, I appreciate you coming on the show and sharing your thoughts with us.

Jeremy: Hey, thanks so much.

Chris: Take care, man.

Jeremy: Cheers.
