SESSION TITLE: LONE STAR CYBER CIRCUS
RECORDED: 12/7/23
VENUE: Hop and Sting
LOCATION: Grapevine, TX
GUESTS: Various
SPONSOR: IBM

ABOUT THE GUESTS:​
Cyber Distortion – Security leaders Kevin Pentecost and Jason Popillion joined forced to create ” Cyber Distortion”, a leading security podcast which they describe as their own way of paying back an industry that has been so amazing to them over the past couple of decades. They believe that as cybersecurity experts, we all play a critical role in protecting businesses and individuals from cyber threats.
Phillip Wylie – Phillip is an offensive security professional with over 25 years of passion and experience in information technology and cybersecurity specializing in penetration testing, assessments, application security, and threat and vulnerability management. An international speaker and author, Phillip shares his expertise by hosting The Hacker Factory Podcast and Phillip Wylie Show while also serving as a penetration tester, instructor, and founder of the DEFCON Group 940.
Wirefall – As a military and law enforcement veteran, local security community advocate, and entrepreneur behind Telesploit, Wirefall has over 25 years of experience, including founding the Dallas Hackers Association while consulting on attack and penetration tests, having previously served on the boards of BSides DFW and TheLab.MS.
Juneau Jones- Raised in the Alaskan wilderness where she developed her love of hacking through building and breaking things, Juneau later studied computer science and economics before moving to Dallas, Texas and finding her place in the local hacker community where she now works as an adversarial analyst while continuing her cybersecurity research.
NEURAL PHANTOM- @hacknotcrime advocate/Marine Corps Veteran/CISO/Leader of @Hack_FtW/Mentor/Public Speaker/Hacker/Gamer/Meiklejohnian absolutist.
Justin “Hutch” Hutchins – Industry leader in the fields of cybersecurity, artificial intelligence, and technical risk management. He is the creator of Sociosploit, a research blog which examines exploitation opportunities on the social web – a confluence of his interests in both technical hacking and social psychology. He is the host of Cyber Cognition, a podcast focused on trends and risks related to emerging artificial intelligence and machine learning technologies. And he is the author of “The Language of Deception: Weaponizing Next Generation AI.” Hutch has also spoken at multiple conferences to include HouSecCon, Texas Cyber Summit, ISSA, ToorCon, DEFCON, and RSA Conference
Quentin Rhoads-Herrera – Seasoned information security professional with over 15 years of experience leading security teams and safeguarding organizations. Expertise includes security analysis, risk assessments, penetration testing, and physical security implementations. Instrumental in building and maturing security programs for Fortune 500 companies, mitigating risks, and protecting critical assets.

The Barcode podcast welcomes cybersecurity leaders and ethical hackers to the Lone Star Cyber Circus LIVE in Grapevine, TX. The guest panel, comprised of Texas-based cybersecurity professionals, discusses the growth of the hacker community in the DFW area and the impact of AI on the threat landscape. They highlight the potential for AI to be used in offensive and defensive cybersecurity strategies, but also cau

CONNECT WITH US
http://www.barcodesecurity.com
Become a Sponsor
Follow us on LinkedIn
Tweet us at @BarCodeSecurity
Email us at info@barcodesecurity.com

This episode has been automatically transcribed by AI, please excuse any typos or grammatical errors.

ANNOUNCER: Step right up, step right up. Welcome to the Freak show that is the Lone Star Cyber circus. We have some curious cyber creatures here for your dubious entertainment. Leading podcast, virtuosos barcode cyber distortion and Philip Wiley. We welcome cybersecurity leaders and ethical hackers alike to an evening of intrigue, curiosity, and digital daring. Do the likes you’ve never seen. So come one, come all, to the cyber circus.

The greatest cybersecurity show on earth.

Chris: Right, y’all hear me? Y’all hear me? All right. What’s up, DFW? Thank you, and welcome to the first ever Lone Star Cyber circus here at Hoppinstein, beautiful grapevine, Texas. I’m from the east coast. I’m based in Delaware, right outside of Philly, so it’s an honor to be here. I grew up coming out here. No, don’t start. Don’t start that. I grew up coming out here. I have family in Arlington, in Mansfield.

Chris: So I’ve been coming out here since I was a little kid, but haven’t been out here in about ten years. So it’s great to come out and see how much the area has changed. And thank you for everybody that has joined us. Virtually any problem with the fee, just let Philip Wiley know, and he’ll take care of it. My name is Chris Glanden. For those that don’t know me, I own and operate barcode security. And before we get into the event, I want to make sure that we give a shout out to our amazing sponsors for this event, and I’d like to give them an opportunity to come up and introduce themselves.

Chris: So the first sponsor this event is Cyberstrike James. This irish stud over here. If you want to just get on the mic real quick, let us know who you are and what you’re about there, man.

James: Okay, so, hello. This is a thick Philadelphia accent, as you can tell. It’s a thick accent. Maybe not a thick Philadelphia accent, but I’m James anyway, and I’m the founder and CEO of Cyberstrike Group. So we’re based out of Philadelphia, and we’re a specialist cybersecurity staffing firm. We do a ton of stuff with the DoD we do a lot of stuff in the healthcare sector. We do a lot of stuff in the finance sector.

James: So Chris didn’t actually tell me I was going to have to say anything, so I put it all down in a little handout there that’s on a lot of your seats and tables. So pleasure to be here with you. Have a great night. We’ll have a beer later on and enjoy the show.

Chris: Thank you, James. Our second sponsor is trace three. We could have trace three come up to the mic.

Annie: All right. Hey, thank you guys so much for coming out tonight and facing the traffic. Grapevine is beautiful. My name is Annie Zhao with trace three, and I work for a nationwide national company that we do cybersecurity consulting as well as cloud security, infrastructure, all types of good things. And we have part of our crew here. Hutch will be speaking later on tonight. So thank you for coming.

Chris: Thanks again, guys. Really, truly appreciate your support here. And for those in the audience and online joining, virtual as well, please connect with these fine folks, have a chat with them, check them out, see what they’re all about. Again, my name is Chris Glandon. I host the Barcode podcast, and I’ve had the privilege of connecting with two great podcasters from this area, so, Philip Wiley.

Phillip Wylie: Thanks. I’m Philip Wiley. I run the Philip Wiley Show. I have a previous podcast, the Hacker Factory. I went independent back in April, but I’ve worked in offensive security for over eleven years. January make :: years in security total. But it was interesting. One of the things, one of our speakers, our group of speakers we’re having first is the DFW hacker community. And this is one of the things that was really life changing for me because hacking was part of my job. It was a hobby. I really didn’t get out and do much.

Phillip Wylie: Went and saw a lot of movies. But when I connected with the cybersecurity community back in ::::, I made a lot of really good friends. And one of my best friends, wirefall, is one of the guests here tonight. So I met a lot of great people. And even beyond just the Dallas area, we’ve probably got one of the best communities, I would say, in the US. I don’t really see anything close to it. We’re welcoming.

Phillip Wylie: Like, Dallas Hackers association was modeled after Austin Hackers association, but with that place, you went there one time, next time you got to speak with Dallas Hackers association. There’s no pressure to do that. They encourage people to do that, but don’t force people. So it’s a really welcoming community. No gatekeeping. So it’s really awesome. And then we got people down further south, like Hutch, that’s joining us, that’s a pen tester, researcher, and AI guru. So that’s going to be another good talk here. So, one of the things I really like to do, and one of the things I love about podcasting is not only sharing information, but introducing people to really cool people. I know.

Phillip Wylie: And so that’s one of the recommendations for who we have speaking tonight. If you live in the Dallas Fort Worth area and you don’t know of Dallas Hackers Association, DC two one four, or Hack Fort Worth, you’ll get to meet these people tonight. It’s really awesome. Community. We promote each other. There’s been a lot of great careers, and speaking careers come out of Dallas Hackers association and really inspired me to start my own group, the Pone School project.

Phillip Wylie: I started teaching, got into podcasting, speaking at conferences. So it really has changed my life, and I’m very thankful for that. The funny thing is, since about ::::, I went to my first NASig meeting in :::: is when Dallas Hackers started. But back then, I just really. I’d left a job of :: years. I got laid off where I knew the same people. And so to socialize, I had to go out to the community, and I did that. And I would say between, like, :::: to now, I’ve probably made more friends in that little over ten years than I probably made the previous :: or :: years.

Phillip Wylie: So I made some awesome friendships, and I really look forward to sharing these people with you. Even Hutch. We go back to January :::: or December of ::::. We had a virtual OSCP study group, so we’ve been connected. So, really looking forward to hearing all these great stories and getting to meet these people tonight. So, thanks for joining us.

Chris: Thank you. Philip man, cyber distortion.

Kevin: Yeah. Welcome, everybody. I just want to, first off, say thank you all for fighting through that torturous traffic. We had no idea that we were booking this on the same night as the grapevine Christmas parade. So thank you for fighting through that and making it. Anyway, I know the parking is terrible out there, so again, thank you all. I am Kevin Pentecost. I am ::% of the Cyber Distortion podcast, the other :: sitting next to me here.

Kevin: Jason and I have known each other, what, ::, close to :: years now, I guess, met in the industry that we work in. I’ve been in it now for :: years. And in cybersecurity for about eight years. Love what I do. Enjoy doing my best to try to keep the hackers out of our environment at work. So hopefully I’m not putting a target on my back. That’s not a challenge to anybody in the room. Okay. And with that, I guess just enjoy the show. I’m going to hand it over to Jason.

Jason: Yeah. So, look, guys, I’m really happy to be here. I’m actually not from the DFW area. I’m from Des Moines, the Des Moines area. And so I flew down here just because this event was so special, and it identifies with what we are all about. And it’s the give back the conversation, the building up of the community, to getting people more knowledgeable about things so we can all win.

Jason: So that’s what we’re about. At cyber distortion, I know these guys about the same thing, and that’s what brought us all together. And I just had to come down to participate in this. I’ve been in it for :: plus years now. :: of those years was in a c suite with an organization in which I provided services for Kevin’s company. And the other :: years of those, I was at least a director level in it or above. So I’ve had the privilege, I tell the story often, but I’ll talk about this later. But I’ve had the privilege to see a lot of transformational things in technology over that time.

Jason: And it never amazes me. The next level we always get to, right? And the next challenge and the next thing that’s ahead of us, but one thing that just never, you can’t put your finger on it. You can’t say that you’ve conquered it. And that is cybersecurity. There is always another twist or turn or challenge or crazy thing you didn’t even thought of. You’re like, where in the hell they come up with that from, right? That kind of thing.

Jason: There’s always one of those things for you to deal with, and it’s always keeping you on your toes. And I’m lucky enough to have a buddy of mine to push me to get my cissp and challenge me to be in this industry so I can come here and talk to you all. So I’m happy to be here, and I hope you have a good time.

Chris: Thanks for flying down. How long was your flight, by the way?

Jason: Hour and a half.

Chris: I got you beat, man. Mine was : hours. Me and James both had to struggle : hours to get here.

Kevin: Now they put the Eagles fans on the slower aircraft.

Chris: Oh, man.

Kevin: I love the Buccees hat, though.

Chris: You like the Buccees hat?

Kevin: That’s awesome. Yeah, that’s a good touch.

Chris: Shout out buccee’s.

Jason: Yeah.

Kevin: Heck yeah.

Chris: We don’t have Bucee’s on the east coast. Well, we do, but not north. My :: minute Buccees stop was an hour and :: minutes, I think.

Kevin: Indoctrinated.

Chris: Yeah, I’m in. But yes, sort of being the semi outsider here, because I didn’t grow up here, I live on the east coast, but I still feel the shockwaves of this area, the DFW area specifically, and the security representation that you guys have. So you guys, being from this area, I’m sure that you have seen the evolution. Right? So I’d like to talk about just how the security community here specifically has developed maybe over the past :::, :: years.

Chris: And then we also have some special guests that we like to bring up from the area to talk about that as well.

Phillip Wylie: Yeah, it’s amazing because I got connected to the community back. First event was a NASIG meeting in ::::. It was before b sides, DFW. I would have went for the conference, but I had a powerlifting friend that was competing in Austin. So Saturday I had to go with him to help him out at the competition, but they had some screening the night before as like a pre conference event of some hacker documentary.

Phillip Wylie: So I went to that. And so once I got plugged in, it’s really interesting to see how things have grown. So we’ve had a DC group around for like :: years, is that right? So they’ve been around, but until I got connected with Dallas Hackers Association, I was involved in the very first meeting. So I’m one of the very first members. So it was interesting how that group grew from :: or :: people a month to, what, ::: at the peak? Or maybe even more than that. Just crazy.

Phillip Wylie: We kind of went through different venues, and one of the things they do at the first meetings is read out the rules, because one of the venues we met at, someone hacked the POS system and the owner of the establishment said, told Wirefall, you guys can keep coming back.

Phillip Wylie: No one’s going to hack it. And of course, being honest about the situation, Wirefall said, there’s no way I can prevent that, even if I’m here or what. So checked out some different venues and ended up at family karaoke, which is like a miniature con, like a mini con. Ctfs, locksport, fire talks, and this is like monthly. And just to kind of tell you of the impact it has had, there was a popular mechanics article that was titled, if you want to be a hacker, go to Dallas.

Phillip Wylie: And after that article was released, we had someone fly up from Mexico specifically just to come to our meeting. This person got a Twitter account and really got plugged into the community, wanted to get into cybersecurity. So we’ve had a lot of stories like that. It’s really grown for me. I found out about DC ::::, our DefcoN group, through DHA, Dallas Hackers association. And that’s really how I got one of the first meetings I ever went to was the North Texas Issa. And that was back in, like, ::::.

Phillip Wylie: That was in :::: or ::::. I kind of quit going, but then I got reconnected because of DHA. Wirefall would go to the meetings, and I would go to the meetings, and that’s how I got plugged back into the North Texas Issa. But it’s just done so much to feed into other areas, because even some of the folks from more than professional organizations, because we’ve been known for being not very professional at Dallas Hackers association.

Phillip Wylie: So it’s even got some of the folks over from the North Texas Issa joining in. A lot of cross mingling and growing of the community. So it’s really grown up. It’s really crazy how it’s expanded. When I started my pone school project group, it was supposed to be more educational, trying to bring people in. I used to refer to it as the gateway meetup. So people come there, they find out about Dallas Hackers association.

Phillip Wylie: And so it’s kind of cool to see some of the people that start out in the community. Like one of the people we got today, Juneau, I remember back in ::::, whenever she kind of. I guess she was probably, yeah, around ::::, when she first came into our community, she would come to the pone school meetings, go to DHA. It was kind of one of my favorite experiences was in :::: at b size DFW, the pen Tester blueprint, the talk that the book is based off.

Phillip Wylie: I did a talk on that at b size DFW for the very first time is given. And Juneau was one of the many people in the audience and inspired some of these people to get into pen testing, and some of these people joined my class, and people like Juneau has gone on to be an absolute rock star. I mean, it’s cult of the decal, awesome hacker. She’s a musician, she’s a circus performer. So maybe have to get into more of that when she introduces herself, but just amazing.

Phillip Wylie: And the cool thing about the community is all the differences. We’re brought together by one common interest, but we learn about these differences of the other people and it’s really kind of cool. Get people more interested in things. And especially as older people, it’s good to be connected to the younger people, to see how things are so you can evolve with your mindset with the community. Because people from my generation, the gen Xers, there was a lot of things that were different back then, but being around the younger people, you’re able to adapt, be better mentors, be better welcoming, build better connections. So that’s pretty much how it’s really evolved. It’s been an amazing thing to see.

Chris: Thanks, man. Cyber distortion, you have the same perspective, or what has been your experience?

Kevin: I’ll say this, I am not the person to speak about the world of hacking in DFW. I’ve spent my career in the world of cybersecurity on the enterprise side. So while I did attend my first Defcon hacker group meeting at Phillips DC ::: event this year, so I’m just now getting into attending those and getting into that scene a little bit. So I’m super excited about it. But yeah, I mean, really my experience will be more in the area of how it’s grown on the other side of things, on the enterprise and cybersecurity, corporate side of things.

Kevin: And I was reading an article the other day, and we’ve all heard of the Silicon Valley. Well, in the article, they were referring to Dallas Fort Worth as the silicon prairie because of all the growth that’s happening here. And it’s on all sides. It’s the hacker side and then the corporate side as well, even the vendor side. So just the fact that this area has grown so much in the last ::: years in this space is awesome. I love seeing that.

Kevin: I think that’s kind of what lured me into it because I kind of got in as I was starting to see it explode. And I think with AI and everything that we’re seeing today, all the different things that are changing in front of us, and we’ll get deep into that in a bit, it’s only going to continue to explode in this area. So everybody that’s in here, I assume everybody in here today is probably in that space, except for maybe a couple.

Kevin: You’re in the right space. It’s going to continue growing and it’s going to continue to evolve, and I’m just excited to be a part of it.

Jason: Here’s my extra part of Kevin’s message that he wanted to say that he didn’t really say because he was fumbling over his words like he usually does. But here’s the thing, man. Here’s the lesson that we all need to learn out of this, is if you’re in the DFW area and you’re in cybersecurity, or you’re thinking about it, or you’re like, hey, I mean, like, I’m wondering if this is something I should do, right, then you have a connection in a leader like Philip Wiley that you can connect to that will get you in the right space.

Jason: Right. And not every area has that. So use that to your advantage and take off with it. And from Philip, you’re going to have all of these connections that you can get in with. Right? So use that to your advantage. Because the bottom line is, we win as a community, we don’t win as individuals. So let’s go.

Phillip Wylie: Yeah.

Kevin: And there’s representation tonight from DC ::: up in Denton, hackers Fort Worth, and the hackers associations in Dallas, DC ::::. So they’re all here tonight. So everybody that you would want to hook up with, regardless of where you live, you have no excuse, because your networking opportunity is right here tonight.

Jason: You’re welcome, Kevin.

Chris: So we do have some special guests in the house tonight, but before we get into that, I have a very special message. James, beer me. And with that, I’m going to pass the mic to the left.

Phillip Wylie: Yes, we got some amazing guests coming up, both sessions, but I’m very honored to introduce my friends. So if wirefall would come up to the stage, and neural phantom, if you would come up here, and juno. So, yeah, you’ll share the mic here. And so, yeah, we went out and got this new rodecaster two to plug up, but we had some other technical issues with other equipment that was unforeseen, which makes me think, it made me think of opening up a bar, especially in it, and security called the workaround, because working in cybersecurity and it. You’ve got to know how to come.

 

Phillip Wylie: It’s awesome to have these folks up here. So, to my immediate left, we have wirefall next to him, Juneau, and then neural Phantom. Wirefall runs and founded Dallas Hackers association. And Juneau was nice enough to take up the torch and take over running DC ::::. And one of the things I just can’t say enough about Juneau. She’s been amazing. I remember her first b sides presentation in Austin. The AV wasn’t working.

Phillip Wylie: And instead of just giving the talk or whatever it was at a college, a technical university or something, a technical school, she went to the whiteboard and she did a talk on game theory applied to cybersecurity. So instead of freaking out and folding. What were you, :: at the time or something like that?

Juneau: Yeah, I think I was ::. And here’s the thing. I probably would have lost my mind and given up. I was this close to running off stage, like on the verge of tears. But there was a guy in the audience heckling me. He was like, so are you going to start? Are you going to give your talk? And I had to make him say.

Phillip Wylie: That’S the way you do it.

Phillip Wylie: So Juneau runs the DC two and four group and neural phantom runs hack Fort Worth. And one of the things we need to give some honorary mention to mad hat. So mad hat started DC two and four. Mad hat started hack Fort Worth. He ran those for a while and he had to relocate, so he quit hosting DC two and four. Isaac took over, which is the person that coordinates our b size. DFW ran DC two and four for quite a while.

Phillip Wylie: Still very involved in the community. And then neural phantom was good enough to take over hack Fort Worth when mad hat had to relocate again. So he had a lot to do with bringing in things in the community. He’s always creating art and stuff for t shirts and stickers and stuff. So very involved in the community. Does workshops at conferences and stuff locally. So a great member. So why don’t we start out with you, wirefall? Why don’t you introduce yourself? Tell us a little bit about you.

Wirefall: Hi, I’m wirefall. I have been getting paid to do penetration testing since ::::. Before that it was called pro bono work, but that was also before the computer fraud and abuse act. So that was okay. I was never a community person. I was this person that believed in absolute meritocracy, that networking was bullshit. And that’s how I approached the initial part of my career, the very short initial part. It didn’t work very well because meritocracy is great, but people have to know that you’re good.

Wirefall: How do they know that you’re good? By networking. So it’s kind of a catch :: there. But I came to Dallas, and I was not involved in any of this stuff. I grew up in the times of the freakers and the hackers. Back then, there was :::: in FRac. There were not phds in cybersecurity. But I went to a meetup because my background is wireless in the military, and there was a meetup of Dallas Fort Worth wireless users group that was run by Tony Laurel woman and, oh, my goodness, these were my people.

Wirefall: I didn’t know that that existed. And the feeling that you could connect with people and that they understood you without you having to explain it and going, oh, my God, these people think I’m a fucking nerd, was amazing that you were just accepted and so. Absolutely learned a ton from Tony. And then I was doing a lot of work for the state, and Phil mentioned, aha, that’s the mothership of all the Haas.

Wirefall: And they had that short format talk, :::: minutes. Well, no, theirs was ten minutes. And if you went over ten minutes, they threw shit at you. So, I mean, it was very much enforced. You had to present, you had to participate. It was very exclusive. I didn’t like that part, but I liked the whole idea of this learning something from everybody, this participate or do everybody has something that they can contribute.

Wirefall: And that didn’t exist up here that I saw. I wish it did. I never wanted to start DHA. I never wanted to run DHA. I love going to DC two one four and hack Fort Worth and sitting in the back and throwing shit at people. Yeah, and I have to do stuff at DHA. But it didn’t exist. Right. What existed here were great groups like Nasic were great groups like DC ::::, Hack Fort Worth hadn’t existed yet, but Med hadn’t gotten around to spawning that and leaving yet.

Wirefall: But I felt that it was important to replicate that, because everything here was one and a half hour talking heads. Now, if it was a subject you were really interested in, I was interested in awesome. If it was on PCI compliance, I was going to have a very bad night. So with a :: minutes short format, you get some lot of different input, a lot of different things. And also, we do encourage. Phil said, we do not require that you talk, but we do encourage it. And it’s because I’m freaking selfish.

Wirefall: I want to know all the things. And you know something that I don’t. Every one of you knows something that I don’t, and I want to know that. So, thank you. 

Juneau: Man. I can’t top that. You don’t want to know what I was doing in ::::. There was a comet in the sky and I was coming into existence. That’s true. Harbinger of doom. But hello. Yes, I’m Juneau. And like the name implies, I spent my formative years in the woods, far, far away from computers. And it was a very interesting series of roundabouts that brought me here. But I eventually, upon leaving Alaska, went to college, decided to study computer science.

Juneau: No, I actually started at University of Alaska and then moved to a little liberal arts school in Portland. So I’m just slowly moving further and further know in a few. I moved. When I moved to Dallas, I had worked here over a couple of summers as an intern for a red team for a company that has an office down here. And I moved down here for my first job at Redacted Corp. And I didn’t know anyone. I didn’t have a single person I knew who lived in Dallas.

Juneau: And while I was at work talking to some of my coworkers, I met somebody on Redacted corporation’s red team who’s actually the drummer in my band still, and who was like, oh, there’s this awesome thing called Dallas Hackers association that you need to go to. And so one of the first times I left my little apartment was to go to Dallas Hackers association. And I remember I walked in the room, there was somebody talking about knobsleds while wearing a tail. And I was like, these are my people, finally.

Juneau: And I really, really wanted to give a talk because I was like, I have to prove that I belong here. I worked in cybersecurity at the time, but I wanted to move into a more technical role. I wanted to move into pen testing. And I was like, well, I can’t talk about tech. Everybody here knows things. So I also studied economics. So I gave a prisoner’s dilemma demo that people ended up really enjoying. Usually I’m used to people getting mad at me when I try to use math to model their behavior, but I did that, and it was barely a year later when I got a phone call from Isaac, who said, would you be interested in running DC two and four?

Juneau: I was like, wow. How did you even think of me? That’s such an honor. He’s like, no, you just don’t look like you’re dead inside enough yet. And I’ve been running DC :::: for almost four years now. And, yeah, at around that time, as Phil said, I attended his pen testers blueprint talk at b size DFW. And I remember sitting in the back there thinking, God, I hope I can be a pen tester someday. I hope that I can be deserving of being part of this community.

Juneau: And first of all, I’ll tell you right here and now that you’re deserving of being a part of this community simply by wanting to be and not being a dick to people. Wait, can I say that I’m sorry? Okay. And, you know, it wasn’t that much later that I got a company to take a chance on me. Actually, the person who hired me for my first pen test gig is in the room right now, and I got to learn how to hack, and more importantly, I got to learn how to hack in a situation where I wasn’t going to jail for it.

Juneau: And since then, I’m just learning more and more. And I always try to keep :::: Juneau in mind with every talk I give, every DC :::: I run, because I want everybody who walks through the door and goes, oh, my God. I hope that I could be a part of this, to know that they absolutely can be.

Wirefall: Uh, I’ve handed out a couple stickers. I do have Dallas hackers and wirefall stickers in the back if you want some. But that’s hacker currency. But Juneau has my absolute favorite sticker ever. Hers is one of the pretty glowy ones, the silvery whatever, but it says, fuck around and find out as a service that’s hers. Absolutely. And she also has the honorific that nobody else up here does. Some of the ogs of security, the cult of the dead cow. This is a member.

Phillip Wylie: So before we have neural share his story, one of my favorite moments, juno moments, was, I was a red team lead at a company, and we outsourced some web app pen testing and so on. One of my pen tests, it was cool. I had Juneau and one of my other former students doing the web app pen test. So to see those emails come in with two former students, it was a very proud moment.

Juneau: And you don’t understand what it meant to me. On my first ever pen test, my first ever professional pen test, I’m like, okay, I’ve got to send the report to the client. I hope they don’t hate it. The client is this big, mysterious entity that I’m sure was out to get me. And I look at the email, and it’s Wiley. It was incredible. It was incredible because all of a sudden I knew that even if I had done a terrible job, it was somebody who would say, hey, here’s what you can do next time. And you had such amazingly nice things to say about my first report, and I promise my spelling has gotten better.

Phillip Wylie: Since you did an awesome job.

Juneau: And then I’ve interacted, actually, with wirefall in a professional context, too now, because I’m sure everybody here has heard of telesploit, little devices for doing internal pen testing remotely, but I had a little bit of an issue with one. I think it was user error, but I needed to call them. And I’m sitting on the phone as it rings, and I’m like, be professional. Be professional. Do not. And so I’m like, hi, my name is first, middle, and last name here with redacted corporation, and wirefield goes Juneau. It’s me.

Juneau: I’m like, oh, cool, we can be ourselves.

Chris: Sorry. No, you’re good.

Phillip Wylie: So, yeah, Neural, if you wouldn’t mind sharing your story.

NEURAL PHANTOM: Absolutely.

NEURAL PHANTOM: I mean, as you can tell, the community here in Dallas is very tight. I mean, this is one of the most beautiful things that really resonates across the different organizations that represent different parts of the metroplex and bring different capabilities in the way that we actually have presentations of information being disseminated throughout the general population. So, by the way, my name is Neuro Phantom. I am the facilitator for hack Fort Worth.

NEURAL PHANTOM: A little bit of background, :: years in cybersecurity. Started in the United States Marine Corps offensive and defensive cybersecurity. Moved out of that into professional services consulting, specifically around incident response. I’ve also been a CISO three times for two multi billion dollar corporations, and also have been one for a startup that is now a multibillion dollar corporation as well. So with that, how I kind of got into what we have as a community here today was stepping out of the military, not having a place to land.

NEURAL PHANTOM: And I remember being in the military, looking at the going, man, what city am I going to land in? Where can I find these fellow people that have interest in this magazine that is resonating with what I do every day? And so when I landed back here in Dallas, I showed up to ::::. And as wirefall mentioned, one of the gentlemen that was actually running it, I met. And then in addition to that, met Mad Hat, who was mentioned here.

NEURAL PHANTOM: And so with that, the journey started. I was a member. I was a contributor through presenting into the community as well. But I lived on the west side, and most of the meetings were on the northeast or in the central parts of Dallas. It was an hour plus drive. I didn’t want to drive drunk all the way home after getting a lot of freaking information dumped into my head. Right? Yeah, look, we don’t do that, right? So I was like, hey, we should do something in Fort Worth. And we’ve mentioned Isaac here. And I said, isaac, we really should try to throw something together in Fort Worth.

NEURAL PHANTOM: Well, I moved to Austin. Mad hat moved back to Dallas from where he was started hack Fort Worth. I happened to transition back to the same general area here in the DFW metroplex. And Mad Hat had started hack Fort Worth. Well, then he gets the tap to go back to another location. I was like, you know what? That’s right down the street. Let’s go do this. Let’s bridge that gap on the west side of DFW where we don’t have to drive that extra hour. There’s another set of community that’s out here that doesn’t have the ability to quickly get to a meetup and have a like minded conversation with their fellow friends and peers. And so that’s why I decided to step into position to actually lead hack Fort Worth from a daily basis.

NEURAL PHANTOM: But what’s really awesome is when we see it all come together at the b sides DFW event, right. It’s all of the community that really pulls together. More importantly, we’re supportive. Multiple members of our community have presented at some of the largest conferences in the mean. And it’s, we’re kind of that proving and testing ground in a weird way. What you’ll see as we get into con season is you’ll get the professionals that are going to be presenting at these conferences, test betting their presentations at these local communities, which is really fun to see because you get that inside peek and you get to really be a part of something that’s growing, that’s going to be pushed out to a larger audience.

NEURAL PHANTOM: And that’s what’s really cool about this community, is that we support in that way. Right. We’re here, we’re constructive. We’re not in the position. There hasn’t been, I can say, I mean, we’ve had some rifts here and there, but overall, it’s a pretty stable community. We’re supportive across the board, and it’s a really great thing to actually have here in the DFW metroplex.

Wirefall: Yeah. I’d like to add that not just of proving ground, but of really a nursery, because proving ground to me is you’ve come in and you’re fully there. We’ve had so many success stories coming from this community. Uber kitten, you have barcode security. He wrote the tool called Barconed. It was about owning systems through barcodes. It first started at DHA. It went to DC ::::. It went to b sides and then DEfcON.

Wirefall: We also had hash from our local community, had never worked with radio before. Learned new radio to hack his smart meter. He just wanted to know what’s going on here, what kind of information is coming out. Did a talk at, again, DHA, DC two one four, b sides and then DEfcON. It’s amazing what’s come through this community. Absolutely. And tanker. Well, moose. Lip. Moose. Yeah, we’ve got Philip here. Phil was at the very.

Wirefall: He said he was one of the original members. No, he was at DHA one number one. 

Chris: Wirefall, Juneau, neural Phantom, thank you for coming to the show and also for what you’ve done for the community here. And so I know we’re going to transition to the next topic, which is AI in the enterprise. So for that, I’ll let Philip introduce the next guest that’s going to come up and join the panel.

Phillip Wylie: Yeah, thanks for joining us. It’s an honor to have you all up here. So our next guest is Hutch, Justin Hutchins, and one of our local folks, Quentin Rhodes Herrera. Both these guys are very knowledgeable in AI and have done created different projects. Quentin was part of a c two project, created a command and control framework, and has done a lot of pen testing and research. He’s a company founder. And then Hutch and I met back in either January :::: or December ::::. We had a virtual study group for the OSCP, so that’s how we met. He’s an amazing pen tester. Now a security researcher, does some amazing things, does some coding, and has really done some interesting things. He was doing stuff on AI before it really caught on, because before Chat GPT, you were talking about some of the bot things that you were hacking the chat bots and that sort of thing. So these guys are kind of on the cutting edge. Before a lot of us found out about Chat GPT and started to learn about it with. These guys are really good in the area. And so if you wouldn’t mind introducing yourself, Hutch, once you share about yourself.

Hutch: Hi, I’m Hutch. So I guess a little bit about my background. I have been doing various different forms of machine learning and artificial intelligence for about a decade now. I got started with an interest in that space, being convinced that I was going to beat the financial markets. I will tell you, it is harder.

Hutch: But I started pivoting towards. I always had a fascination with social manipulation, with social engineering and exploitation of people. And I had this idea, probably about a decade ago, of using artificially simulated social interactions to exploit people. And so I actually did a talk at Torcon San Diego about ten years ago that was called, okay, stupid and plenty of fish phish. And what that looked at was basically, it used very, by today’s standards, very primitive system, rule based chat bots, in order to try to exploit people on common free Internet dating platforms. And the idea was that, of course, if you go up to. And of course, this was before multifactor authentication was really anywhere near as ubiquitous as it is today. Most organizations hadn’t deployed it. And so generally answering somebody’s security questions was enough to get your foot inside the door.

Hutch: And so I have this idea that, well, in most contexts, if I asked you the question of what school did you go to when you were growing up, what was the school mascot? What was the street that you grew up on, that would raise red flags. But there’s one context in which that isn’t true, and that’s when you’re getting to know somebody within a dating context. So it created this full platform that basically used a series of different Google hacking techniques in order to identify who people were and what companies that they worked for based on the platforms that they were on, and then would, in a fully automated fashion, used rule based artificial intelligence systems in order to interact with those people and try to get answers to those questions.

Hutch: Now, again, this was ten years ago. These models didn’t come anywhere near passing the Turing test. But one thing that Alan Turing didn’t really consider was he considered the complexity of the system, but he never considered the complexity of the person interacting with the system. And the fact is, there are some. Unfortunately, there’s people that are dumber than others. And not only that, also within the context of that desire for human connection. So it was actually even successful, even in the early days.

Hutch: And I followed this technology over the past decade of kind of this artificial social interaction capability. I did an interesting talk a few years ago at Defcon on was called Alexa, have you been compromised? And I was able to lead a team at my organization in compromising Alexa devices that were deployed in hospitals during the Covid-:: pandemic. And we were actually able to take over the entire language model that’s used in those systems within less than : minute of physical access to the device.

Hutch: And then a few years ago, I started paying close attention to a system from a company that nobody really knew of called OpenAI. And this was a system called GPT-: it was now the predecessor to what everybody knows, which is Chat GPT. And I started looking at different ways that I could revive that previous project with that really bad language model and using GPT-:, ways that I could create fully autonomous agents that would engage in targeted social engineering campaigns.

Hutch: And this was extremely successful. I did several different talks at Defcon AI village, also at RSA and several other locations related to this. And of course, then the chat GBT thing happened. And suddenly the thing that nobody was paying attention to, everybody was paying attention to. And so I figured if there was ever a time that the very niche area of interest that I had was suddenly relevant to everybody, if there was ever a time to write a book, now is the time to do it. So in one month, actually, these are pre release copies, but in less than a month, actually on Amazon, my book, the language of deception, weaponizing next generation AI, will be coming out.

Hutch: So extremely excited about that.

Quentin: I’m a guy here at a table with a beer. So a little bit about me, not exciting story like that. And that was impressive. I think I should go home. So I was in the military. I was a dumb person. I didn’t choose a job in it like I should have. I carried a gun and did things other people told me. So when I got out, I was like, man, I need a job. Something that’s going to actually pay my bills. So I got lucky. I got hooked up with it, and I was doing it. And then one day like, hey, do you know PCI security? I’m like, no, I don’t.

Quentin: What is this? And it had hacking. And I’m like, wait a minute, I can break the law and get paid? All right, that’s what I’m going to do. So I self taught all the way through. I ended up being on State Farm’s team. There’s a few state farm people in here. I was on Pentest team lead over there. I was hacking all a bunch of stuff, met some really good people, did a lot of exploit development, went from there, built a offensive security team as a director of professional services, hacked more things, things exciting as like hospitals, nuclear missile facilities, governments, all the fun stuff.

Quentin: I will never ride public transport ever again after doing my job. Scary. Where you put your credit card. From there, I started my company, my own company. I was like, you know what? I’m tired of making other people money. Let’s do something I want to do. So I built attack surface management as we know it. It got recently acquired, so I’m not working for myself anymore. I’m back working for the man.

Quentin: Hopefully they’re not watching this or listening. I’m sorry if you are.

Quentin: So AI for me, about a year ago, I got really interested. I got interested in different facets. Like, I don’t want to use it for criminal activity or hacking other people because I could do that because people are dumb, right? I mean, I just send them an email, they’ll click it. It’s fine. I wanted to actually learn how to abuse the AI system. So poisoning the models, actually tricking, doing prompt injection, breaking into the infrastructure that the AI models are running on, that’s more fascinating to me because if I can control the AI model and I can control what you’re asking, what you’re going to get back, that’s more exciting, right?

Quentin: If you ask who the greatest person ever is, my name comes up. It’s because of me. That’s my life goal. After that, I’m done. I’m going to retire. So that’s what I’m more interested in. So I’m doing a lot of research into that. I do not have a book out, so don’t ask me about that. Outside of that, I’m just a guy who likes to hack stuff and do a lot of research and exploit development. So that’s my short life story.

Chris: All right, thanks for joining us tonight. I want to start down the line here. How do you believe AI is changing the threat landscape? And what new attack services are you guys seeing in relation to enterprise AI today?

Jason: Chris, you should have started from the other end of the. So I’ve had the opportunity to get very deep in the AI over this past year. And I got to tell you, man, I’ll give you an example. I was asked a question this week, just earlier this week, and the question was, what is your worst day in AI?

Jason: Right now, me, from a cyber perspective and technologist perspective, I went to the worst and I’m thinking, all right, so.

Jason: It is a zero day attack of some dude who thinks he’s smart, does poisons a GitHub, repo, and now everybody and their grandma, who’s using a copilot to generate their code, is generating their code with this crappy code, right? And no one’s doing self reviews like they should be doing, right? So they’re just generating this code and they’re like, oh my gosh, that’s really good stuff.

Jason: And they push it out. And now the proliferation of the zero day attack just goes everywhere. That’s my worst day.

Jason: And I think the challenges that I’m seeing so far now, this is a technology that’s moving extremely fast. And I have a lot of correlations that I can share later, but the challenges that I am seeing is that from an enterprise perspective, one of a couple of things are happening. Either organizations are jumping in because they need to make a statement. I’m on AI. See, we’re doing it, right. And their shareholders and the public knows that they are progressive, whatever, right?

Jason: The challenge with that is the secondary part, that they’ve jumped into it without regard to the necessary provisions that they need to mean. So here’s the thing.

Jason: At the end of the day, what’s the scariest thing associated with this? Is it the fact that AI has very good logical processing or is it the fact that we’re taking that and we’re tying it to our data and at the end of the day, it still becomes a data governance management. Everything around data that you should be doing, none of that has changed, right. And if you’re not taking those steps to protect the data that AI is using before you start using AI, then you have a problem.

Jason: And that’s the challenge that I see at the enterprise.

Kevin: My turn. All right, I’m going to quote socrates here. And to say, to know is to know that you know nothing. And what I mean by that, that is the true meaning of knowledge, by the way. That is where I stand on it. And what I mean by that is that we don’t really know yet. We don’t know where this is going. The Pandora’s box is open, though, and it can’t be closed at this point. And in my opinion, I feel like the biggest thing with AI right now is that we’ve got a lot of people doing a lot of things and a lot of people that are doing it don’t know what they’re doing yet.

Kevin: And a lot of companies right now, I think I was reading on AI last week and it said ::% of companies in ::::, in ::::, going into :::: already claiming that they’re using AI in their enterprise. But what does that really mean? And I saw a quote on Twitter this week, and I wrote this down because I wanted to read this. I thought it was funny. And it says, my number one cybersecurity prediction for :::: is that we won’t solve cybersecurity in ::::. And the second prediction is that we see lots of data breaches caused by companies leaning into AI technologies and they fundamentally don’t understand them.

Kevin: I think that’s a big problem, and I think it’s going to get worse. But the good news is AI is going to open up so many new opportunities. I see Larry over here, who is deeply into AI. Larry uses AI to promote brands and to promote marketing, and he’s in another spectrum now that he’s out of it. But he lives in that space, and this is a brand new opportunity that he’s created for himself just in the last year and a half to two years.

Kevin: Why? Because he chased after it. He cared enough to learn it. He wanted to get in on the ground floor and learn how to do prompt engineering and understand what it means to talk in the language of AI. And I’d just like to say that in my opinion right now, we are ripe with opportunity in a brand new space that is only going to continue to explode. And especially here in DFW. I could go into all kinds of crap about how this market is blowing up.

Kevin: People are moving here for a reason, because the job opportunities are insane and they’re everywhere. And AI is going to be. We’re going to look in LinkedIn and job websites, monster and all the others, and ::% of the jobs you’re going to see are going to be in AI in the next year or more. So if it is something that anybody in this room is interested in, don’t think because you don’t get it today that you’re not going to be qualified.

Kevin: Half the people doing it don’t get lot of. And I think Chris said this when we had you on our podcast, Chris, you said, one thing about it is there’s a lot of AI snake oil out there. There’s a lot of people selling and branding and marketing things as AI that aren’t really artificial intelligence. But they know that’s the buzword that has to be on the package today. They’re not specialists in this, they’re pretending to be specialists in this.

Kevin: And I believe that’s going to get worse. But this market is growing. The opportunities are growing. Jump in. If you’re interested in it, jump in. Anybody can learn it.

Chris: I think that AI is fundamentally transforming the cat and mouse game in cybersecurity. I think that attackers or cyber adversaries have more tools at their disposal to create social engineering campaigns, to create malware. But on the flip side, I don’t think we really have scratched the surface in terms of what we’re going to see in terms of adversarial use cases as well as defensive use cases that AI will bring.

Chris: And when we talk about AI within the security community, it really stays within scope. But I think AI stretches beyond technology, and there are many ways that it can be weaponized just from a psychological standpoint, which sort of trickles into the security space. So I think that we really need to be wary of where we’re at now, what technology exists, how it can scale, and then how we can just train others to be cognizant of the threats that AI brings, as well as also train on the defenses that it can also provide.

Phillip Wylie: Yeah, so it’s pretty interesting. I think one of the biggest risks that we run with AI is the data that people are putting into Chat GPT. They’re putting sensitive data in there, which is a big mistake, but I don’t think it’s a reason to stay away from it. Just learn how to use it safely, and I think everyone should use it to help their job. One of my favorite quotes about AI was, you won’t be replaced by AI, you’ll be replaced by someone that uses AI. So I think it’s a good opportunity to use there. I use it a lot for my podcast.

Phillip Wylie: I was using Chat GPT, but I switched to another AI based transcription software that I use that works a little bit better and a little more easily user friendly. But I definitely think you should try to get into learning how to use it. And one of the things that everyone’s always talking about, red teaming or pen testing what you can do, the capabilities there, I’m really curious to see what it does on the defensive side because you think about some of the antiviruses and endpoint detection they used to use, like definitions, they went to heuristics. What are you going to be able to do with AI? What if you’re able to connect by some link that they’re connecting these devices up to some large learning model, and it’s taking data that is seeing from other attacks in other parts of the world, be able to transmit that over to other systems to identify that and help up the game on defenders. So that’s probably one of the areas I’m probably most excited about to see what happens there. But from a pen tester perspective, I think it’s going to scale what we can do, because at one time there wasn’t vulnerability scanners. You had to do a lot of stuff manually, and so now it’s going to scale what we do with the skills, the lack of people out there in the jobs, not going to get into why we have that shortage, but not having the people you need, we need to be able to scale. So doing things like automation and AI will help scale in those areas.

Hutch: All right, so it was mentioned that we’re only just scratching the surface of the potential adversarial misuse of artificial intelligence. And I think that’s absolutely true. If you look at the way that these systems are progressing, if you look at the changes between gpt-: to gpt-: from gpt-: to chap at GPT, which was :.:, or to GPT four, the underlying technology is not changing. The only thing that’s changing is they’re making larger neural networks, they’re increasing the number of layers, the number of parameters, they’re making bigger and bigger systems.

Hutch: And what we’re seeing, one of the terms that we’re seeing in the industry is emergent properties. It’s this idea that as we continue to make these systems larger, we start seeing new capabilities. They start to be able to do things that they weren’t explicitly trained for, that we didn’t see previously when it was a smaller system. And now that there’s so much attention going into artificial intelligence, now that there is so much money going into artificial intelligence, all of the big tech firms from meta, from Google, Microsoft, all of them are pouring billions of dollars into this. Venture capitalists are pouring billions of dollars into this.

Hutch: With all of this money, that rate of continuing to make larger and larger systems is not going to stop. And so when we talk about we’re only scratching the surface of what is possible with the systems, it’s absolutely true. Kevin mentioned that a lot of people don’t know. The fact is, we don’t know what these systems are going to be capable of as we continue to make them larger and larger. One of the fascinating things that we encountered with one of our r and D projects is we were actually able to make something that already showed the early signs of a fully autonomous hacking system. We were basically able to use a wrapper around the GPT four API, and we were able to instruct it with the instructions of, you’re a pen tester, you can’t tell it you’re a hacker because if you tell it, you’re a hacker. It says as an AI system, I can’t do that. But if you tell it you’re a pen tester, it’s like, okay, good to go, this is legal.

Hutch: So we told the system you’re a pen tester and you’re trying to target this system, give it an IP address, we tell it the IP address that it’s running on, and then we basically just tell it. You give me commands, I will relay those to the underlying operating system and then I’ll send you the responses back. And we just created a very simple python interface that allowed the GPT language model to execute code in order to achieve the objective that we had given it. And we already started seeing it do all of the things that you would expect a basic scriptkitty attacker to do. It started enumerating the attack surface, it started running NMaP scans to identify what ports and services were running on this system. It saw that ports :: for HTTP and :: for SSH were open. And then it started performing brute force attacks against the SSH service. It started performing web enumeration against the web service, and then it even started running exploits targeted based on the information that it had gathered.

Hutch: Again, these systems are going to become bigger and bigger and the money is going to continue to pour into these systems. And if we’re already seeing the signs of fully autonomous systems that are able to hack the potential of the future with that type of capability and that type of trajectory is absolutely terrifying. So it is something that as defenders, we need to start preparing for. I see a hand from wirefall back there.

Hutch: So the question was presumably a dictionary attack, and that is accurate. It was a dictionary attack and it did just grab one of the standard dictionary systems that was on the ISO. I had informed the system that it was running on a Kali Linux operating system and of course it knew based on the information that was available what the default directories were for word lists that already exist on that.

Hutch: I think the important takeaway here though, is not what it does currently, but the fact that again, within a year we’re already seeing, Google is announcing in the next few months that they’ve got a system, Gemini Ultra, that is five times more powerful than GPT four. And that’s just the beginning. Right now, I don’t think we are an imminent threat today of a language model hacking into your network and wreaking absolute havoc a year, two years, absolutely.

Hutch: Ten years from now, that is absolutely going to be a real world threat. So it is something that we need to start thinking of and start something that we need to start preparing for.

Quentin: Again. How do I follow this? So, Jason said about how models can be edited, information can be proliferated out to the world. This has already been proven that’s possible. It’s quite prevalent. I was actually just informed of a visionary model attack today that I’m going to go spend my entire night on and not sleep trying to investigate. That’s what I’m more concerned about is because data collection, the data being used to train these models, one has to be secure, right? If they’re not secure, normally they’re not, because if you’re building your own model, they’re pulled in, you’re just like, oh, it’s cool, it’s a training model, it’s fine.

Quentin: No harm can come from that. But in fact it can, because training models aren’t going to be the most intelligent system in the world, right? It’s intelligent based on the data you feed it. There’s an attack called the Row model Rome, and it was used by a security company to prove the fact that the site hugging face, which may be taboo now because they got recently breached or had some serious problems, however, they had a squatting type of attack.

Quentin: So one company had an AI model that was being used, they changed their name or something like that. And so this security company said, oh, I’m going to name it the original name, and instead of changing the entire model, I’m going to edit the AI model on the fly as it works. So I’m going to change the output, the factual output. So instead of saying the Eiffel Tower is in Paris, France, it’s in Rome, so good for you.

Quentin: So that type of attack is really prevalent. It’s pretty easy to do if you don’t secure the data that’s actually being trained in the model that you’re using. So for companies who are training their own models, if they’re not actually securing the data set that’s feeding those models, that’s going to be a big problem, right? The data should be treated just as sensitive as it was prior to you pulling into a data source to be trained into your transformers, et cetera.

Quentin: If you’re using a third party model, you really should be looking at it from that security standpoint as well. How are they using the data that you’re feeding in? Are you feeding in sensitive data? There was another leak by Google researchers who were able to leak the training data of chap GPT. I think it was Google. All right, great. I’m not lying to myself. So they were able to leak the data and that’s actually a big issue as well, right. If you can exhaust resources from a model and leak the sensitive data that you use to train your model, what are you leaking? Right? I mean, there’s companies who use their entire sales information to expedite sales workflows. So are you leaking customer data or potential prospect data? Are you leaking Social Security numbers of clients that have already signed?

Quentin: Are you leaking bank account information? This type of information is incredibly sensitive and not really taken into account when people are building AI because they’re trying to do it so fast, because the hype word is AI. Right? Vcs want to jump on AI. PE firms want to buy AI companies. Companies want to buy AI products. So if you’re looking at AI as an individual or as a corporation, look at it from that lens of how did they secure this model, how did they train it and what’s the impact it’s going to happen or have on me if they fail in any of those aspects?

Chris: I just heard last call here. Let’s close it out.

Kevin: Close it.

Chris: If you decided to open a cybersecurity themed bar, what would the name be and what would your signature drink be called?

Jason: The name of the bar would be ask your mama. And the reason why is before you go in and look at the menu, you better ask your mama. And the signature drink would be sign at because you don’t know what kind of acknowledgment you’re going to get after you put that down your throat.

Chris: Okay, next.

Kevin: Same question, I assume. Okay, so if I were going to open a bar, obviously I’m putting cyber distortion in the name of the bar. So I’m going to go with. And I’m cheating because I got asked this when Chris interviewed us on our podcast. I’m going with the same answer because it was a damn good one and I came up with it on the fly. So I’m going with the cyber distortion spirit emporium. That’s the name of my bar.

Kevin: And the signature drink at our bar is called the fully turned freak show. And that drink will leave you quite distorted.

Chris: Quite distorted. You’re leaving quite distorted. So I’m next in line, but I’ll be quick and I’ll pass it off. So my cybersecurity bar will be called barcode. Surprise, surprise. And my drink will be called the anomaly because there would be no other drink like it at any other bar.

Phillip Wylie: I think I use this the first time I was on your podcast. But I would call my bar apt bar for advanced persistent threat. And with my former pro wrestling background in wrestling, of course there would be a drink called cozy Bear after one of the apts.

Hutch: Are we on this too? All right. On the spot, I guess I would call it. It’s not psyops, it’s psy hops. Because beer. And then I guess the drink, I’d call it that drink. So that when people asked for that drink, they’d ask, what drink? That drink.

Quentin: I don’t have a good name. I guess the place would be my bar because we’re all a bunch of crazy people anyways. And the signature drink would be beer. Good. I’m going to get up.

Wirefall: So the bar name is behind bars and the specialty drink is. That’s what got me here.

Juneau: All right. Hello, I’m Juneau again. And I think my bar would be named after something we all need. The third place. And I think my drink would be spite on the rocks, which is actually just an old fashioned but with a chaser of Malort.

NEURAL PHANTOM: So I’ll take this as a serious note. And no, it’s not spoiled and splurge. That’s just over the top for this. But yeah, if I had to. You’re calling HR. Is HR in this room?

Chris: Negative.

NEURAL PHANTOM: So here we go. I broke that threshold with it. I’d probably do a speakeasy called locked up playing off of him.

NEURAL PHANTOM: And then on the backside of that, I’d have to do a whiskey sour on the rocks is my special classic. Or absinthe.

Jason: We like to turn around and thank the community. Thank you guys for all coming out listening to us, listening to what we’re doing, the reason why we’re doing it. We’re trying to make a difference. We don’t get paid for the work that we do for this podcast work. We get paid for our day job. This podcast work is a give back to the community. It’s a part of how we build up people to win at this race that we’re all in to defeat the underbelly of the cyber world that’s trying to take us all down. So the more we do as a community, the more we all win. That’s what we’re about.

Jason: That’s why we do this. And we ask you to join us, look us up, subscribe to our podcast, follow us, spread the word, help the community grow, listen to these guys and keep the ball rolling.

Jason: The more we do together, the more we win.

Kevin: Now you got to ask a silly question.

Jason: All right, I got one question.

Chris: So wait, so tell me how you guys finalize your shows?

Jason: Always we finalize our show with a rapid fire question.

Chris: Rapid fire.

Jason: Rapid fire. We’re going to ask you a question. You answer it with the first answer that comes to mind.

Chris: All right, give it to me. Give it to me.

Jason: I’m going to ask one question. We go down the line. Everybody answer.

Chris: Give it to me.

Jason: All right, here it is.

Chris: Come on man, rapid fire. Let’s go.

Kevin: The problem is he has too many to choose from.

Jason: Yeah, they’re so good, right? If you had to be stuck living in a tv show for a month, what show would you pick? You’re up Chris.

Chris: Survivor.

Phillip Wylie: Television show does I guess wwe.

Quentin: May on first thing that comes to mind. I guess Family guy stuck in family.

Wirefall: Naked and afraid.

Juneau: Oh man. Well first of all I basically lived in Alaska bush people and I don’t want to do that again. Can I say the eras tour movie?

Quentin: Alone, because I hate people.

NEURAL PHANTOM: I don’t watch tv except for the NHL. So I guess I’m on the ice.

Kevin: I’m going to do the same thing here. I’m going to hit you guys with another quick hitter.

Chris: Oh shit.

Kevin: So you wake up tomorrow and you realize that you’ve switched bodies with your biggest celebrity idol. Whose body are you in?

Chris: Philip Wiley.

Phillip Wylie: Elmo the Muppet.

Wirefall: I know you can’t tell the difference but Arnold Schwarzenegger.

Kevin: Get in the chopper.

Phillip Wylie: I got nothing.

Quentin: Peter Griffin.

Juneau: Man. I guess mine is Taylor Swift. But honorable mention to Rosie Fletcher who I once stalked around a ski resort for : hours.

NEURAL PHANTOM: I’d have to say general mad dog Mattis.

Phillip Wylie: I’m sorry, we have army in the room.

NEURAL PHANTOM: We can’t talk like this.

Quentin: All right, Ryan Reynolds. So I can be funny finally.

Chris: All right, Philip, I think you’re next, man. How do you end your show?

Phillip Wylie: Yeah, mine is kind of boring. I thank my guests for joining and tell everyone we’ll see on the next episode. But if I could share something that’s been echoed a lot through the night, is collaboration. We can do so much more together. We’re able to three of us come together and do this just on your own. You just can’t do as much. So I’d just say collaborate.

Chris: Thank you, everybody for coming out. Stay tuned for the next one. Cyber circus. We’re going to keep it going. And Philip Wiley, cyber distortion special guest. Thank you so much for coming out, joining us and everybody be safe getting home. Barcodesecurity.com philipwileyshow.com cyber distortion, baby, let’s go. Subscribe!

To top