How to get into Cyber Security | Interview with Davin Jackson of Alpha Cyber Security

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

you know in the clip we just ain't letting him go yet [Music] like [Music] do [Music] do [Music] do [Music] so [Music] so [Music] do [Music] so [Music] what's good youtube we live today i have a fellow air force vet security architect pen tester host of infosec unplugged and founder of alpha security the one and only mr davin jackson what's good brother what's going on thank you for having me happy to be here how you all doing today man good man glad to have you to finally make this happen man been trying to get together for a minute now man you know how it go when we both working and got a whole bunch of things going on you got to line up the calendars you got to sync up right but we here so we here we here shout out to everybody that's tuning in live this in this um live stream is going to be focused on cyber security and infosec i've been getting a lot of questions around this area and just being transparent i'm not a um i'm not an expert or you know have a lot of knowledge in pen testing and things like that that's not what i do i'm a network engineer i kind of stick to what i know and i do my best to be great at that now today i have somebody that's really diving in security and he has not a lot a lot of knowledge he's wrote a lot of blog posts he has youtube channel where he's been linking up with some people that's really doing some big things in the industry and today davin is going to share hopefully all the questions that you have his answers and input on that so sir davin you want to talk about alpha cyber security you want to get some background on who you are and what you're about all right so we're going to do the condensed version so um like i said i'm davin jackson also known as djax alpha on instagram and twitter um i've been in technology now for like i said about 15 years a little yeah around the same time a little bit around before my daughter was born so i've been in tech started off basically um from the bottom man i started doing like showing my age i've been i've been doing this from like circuit city days um doing computer repairs and stuff like that move my way up to doing help desk uh landed a job eventually um for a school system doing basically network support uh system administration and tech support and stuff like that and that's where i kind of got introduced to security uh we kept getting having little issues and breaches and stuff like that and we were trying to figure out why that kept happening so um i started researching you know vulnerability assessments and vulnerability management and eventually that led me to pen testing and once i kind of saw it and started to mess around with it saw the challenge in it i was hooked and i haven't looked back since so i've been doing pen testing now i've been focusing on pen testing maybe about half that time about seven eight years um i've worked for different companies doing stuff from consultancies or um stuff with government contracts um i've worked for um you know financial companies and other stuff right now so i've been doing a lot of stuff like that and then um you know just one to kind of give back to the community especially the people who kind of came up where i came from you know growing up where you know you had to be it was like it was looking like you was rich when you had a computer um and you know growing up i always knew i wanted to do something in tech i was i like to tinker with stuff like my grandmother god rest her soul she used to just let me take her stuff apart as long as i could put it back together again and i didn't get in trouble by the time my parents came to pick me up she was she was okay with it and um but you know when i got older you know you fall into that we if we're gonna keep it a buck fall into that stereotype you know the girls don't like the smart guy and you know growing up in the hood that wasn't a that wasn't a popular avenue to go so you know between that i just kind of turned away from it did some time in the military came home couldn't really couldn't find my footing couldn't figure out what i wanted to do and um it was actually my wife well she was my girlfriend at the time who just kind of really basically put her foot in my ass and was like yo what is it that you want to do what is it that you if you could do something right now what is it that you think you would enjoy and i'm like man i used to love doing um you know it was either something in tech or something in audio visual and now come to find out i'm doing both but uh but yeah that she was really the one who just kind of put the battery in my back and i was like yo let's go so i started doing some research started looking at certifications um grabbed as many as i could that would be beneficial to me um and i'm gonna explain that i'm gonna probably go in detail with that later on you know because my advice to people when i when i talk about it but uh just just to kind of give you the rundown so now that i've done all of that and i've kind of gone through a lot of the ups and downs i want to be able to kind of give back to to people you know and explain to them you know what works what doesn't work at least for me and um you know give any advice that i can so that's where alpha cyber security came in it's actually a blog site um and a content site where i just write about different experiences from books i've read books i recommend um certifications uh you know my experiences personal experiences and then i also launched the infosec unplugged video podcast where i talk to different people in the field and technology all over from networking and cyber security and just talk about you know what we can do to better better to feel how we how we got to where we are we share our journeys and we just kind of keep it pushing that way so that was pretty much the long you know long story short appreciate that um all davin's contact information will be in the description actually is there now and he did a top 10 books for all of you that want to learn the hack those are in the description now and they got your amazon links in there so if y'all go ahead and purchase from there y'all gonna support diving immediately appreciate it it's actually ended it's another book i want to recommend that i just if you go check out the blogs i actually just did a book review on uh this book right here it's called the pen tester blueprint uh i saw that written it was written by philip wiley and kim crawley um two amazing people in cyber security like phillip phillip is i don't like to use the term guru but if there was he'd probably be one of the people that i put on that list of people that you should listen to when they speak and kim kim has written stuff and done malware research and stuff like that for numerous companies so two people who put their heads together and they actually followed um the model of another person who i highly respect and recommend uh marcus j carey uh what he did with the tribe of hackers books you know they went and got uh different people pen testers in the field to share their experiences um but this book right here is even though it's not super technical it kind of basic it's literally a blueprint it tells you exactly how to get started you know what books you should look at you know how to build a lab how to gain the experience what certifications you should get you know and all of that so it's literally a brew plant on how to get started um and then back to the back you know back to plugging myself yes i do have my books here and then i also have my youtube channel where i kind of explain some of the hands-on stuff for sure and all that's in the description like i mentioned before shout out to marcus j curry he's he's leading the way in many ways in cyber security much respect to him yes sir now getting this thing started uh one question that i would like to clarify immediately is what's the difference between i.t security and cyber security can kind of break that down um you know i mean i've heard that there's you know people look at it differently but to me i.t security and cyber security are the same thing um i mean i.t security is the process of you know implementing security controls or to your systems and stuff like that and cyber security is basically the same thing protecting the data protecting you know protecting the electronics protecting your devices so they go hand in hand so um you know i really think that um i.t security and cyber security when you say those terms that you know they're interchangeable because you can't have one without the other you can't you can't secure the data without securing the devices and you can't you know and and if you secure the devices how secure are they really if you can still access the data right so you know i that's just how i look at it okay i appreciate that no when it comes to cyber security you have many many different terms you have the white team you got blue team you got gray hats black hats all these different terms can you kind of break down those different domains for those that are new to it right so um when you talk about pen testers or hackers there's usually three hats that you put them in um you can have your white hats which are your ethical hackers which are technically what you know what what you would do if you know you're working for a company uh because you're doing everything with permission right uh the number one rule with pen testing uh as a profession is never do anything outside of your scope or br never break the rules of engagement so you're doing everything legally you're doing everything within the rules within the scopes so that's your that's your white hat hackers um your black hat hackers are your you know your your people who have malicious intent so these are the people who are you know doing these different scams or doing uh you know whatever it is phishing attempts uh you know a couple months ago when they had the bitcoin thing on twitter where everybody was like oh you know click this link here and we'll we'll give you some bitcoin you know that would be considered black hat then you have the gray hats which are somewhat in the middle so they they're mainly white hat hackers and they may use some black hat tactics but they try to stay within the realm of a white hat hacker so a lot of people don't like to say there's a gray area they either say your white hat or black hat if i had to choose i'd probably say i would tend to be more of a gray hat because you i feel like you need to you learn these techniques to better protect your your companies i mean then you have then you have um something called like your nation state hacker so these are the countries that are hacking other countries or these are corporations that you know that that aren't on the books as a legitimate team um but they're doing you know different forms of espionage or hell even what's going on right now with um russia hacking everything and you know i i won't say russia because they they said it points to russia's apt-29 which is cozy bear which is a russian team but um yeah that's that's your nation state so there's actually four but if you're looking from a profession now back to what you were saying about like white box black box now those are different types of assessments um your white box or crystal box is when you're given all the information so when you go into do a pen test and you go to the client they give you you know all the network information they tell you how many devices are on the network they tell you which devices you can access they tell you what system you know what software what versions you have basically they give you everything and just tell you you know now test us and be safe that's your that's your white box assessment or crystal box um and then your black box is trying to simulate a pen test or simulate an actual hack where you really don't have the information so you have to go get the information yourself this is where you kind of go and do your open source intelligence so you know you're using your google hacking or you're basically getting any information you can get off of the internet um to get as much data as possible before you even start scanning the networks and then you build up your information there to help build up your you know your payloads or whatever it is you need to find the vulnerabilities or find the exploits needed to gain access into the target system um white box black box and then and then i guess and then you have your physical pen test where you're basically trying to essentially break into the building so those are those are the ones that you usually come across um normally okay i have two questions mark my first question is how common is hacking um you hear about hacking but how common is it um you hear the word hacking so it's common because it's the sexy thing you see right you hear about what's going on like i said in the media right now uh you hear about what happened what may or may not have happened in 2016 with the election uh you hear about different companies you have shows like mr robot or the movie black hat or the movie hackers which is like a cult classic so that you'll hear the phrase a lot what it actually is you know the actual process of it that's where it gets kind of gets lost in the weeds because some people will look at it like oh i you know i pushed a button on a scan i'm a hacker you know or whatever so i mean it's very it's popular um in different in different groups right um you have kids who hack video games you have people who root phones and access things that use the phones to access certain things that that's considered hacking um you know phishing attempts that's social engineering which is it falls in the family but that's not necessarily hacking so i mean like i said it's very popular uh depending on what you do because the other thing is a lot of the stuff that a lot of the tools that hackers use there's a lot of automated tools so then you have these things you have these people who are basically they're known as script kitties in the community where they don't actually know the process hell they might not even know what the tool does but they know how to run the certain commands to make it run so that's where and then that's where it gets mixed up too because for me i usually tell people if you're going to learn it and you're going to get the certifications understand everything that's that you're that you're that they're asking you to learn so if they're telling you run this nmap scan you should know why what's happening when you say nmap dash sv dash p dash whatever right so you gotta you gotta understand what's happening because if you don't understand how to use a tool then you don't know what's going on or if you don't know why it works or why it didn't work and then there's a situation where sometimes you might run across a pen test where they don't they don't allow you to use tools so you might have to make your own tools so you have to you know again you don't have to i know we'll probably jump in this later but um you know you might need to know of the basics of programming languages i'm not telling you you need to be able to write a whole automated scanner in python right on the fly but you might need to know how to google it and how to read the code to know that you're actually running a scanner not installing a back door to your computer because that that happens too man you're dropping so many jewels already um when it comes to when you said hacking doesn't happen all the time one of the key words that you hear is reconnaissance how and you mentioned fishing how often does reconnaissance happen and can you kind of let everybody know what reconnaissance is so not again not to plug not to plug myself again because we're on your show but um i actually have a um i'm a huge like i'm a huge nerd like i'm a comic book fanatic and and everything right and um i actually wrote a blog post that compared penetration testing to the infinity stones so if you're familiar with marvel and if in thanos and the gauntlet and how each gem had a certain power but what made them powerful was when you link them with other things right so you could have the other stones but the power stone enhanced everything else or the power stone would enhance the reality stone or stuff like this to me reconnaissance is the most one of the most important phases in the pen test probably the most important phase the reason being is if you don't do good enough recon how will you know what's vulnerable if you don't do good enough recon how will you even know that you're hitting the right target and again the last thing you want to do is go is go off scope especially if it's a if it's like a government site they will lock your ass up quick because you because you imagine i mean think about it you get they give you an ip address and you missed the ip the ip address by one number so instead of one nine two one six dot you hit 1.11 and that's a completely different company right now i heard about that now you don't have to now you done you done ran scans on a bank or you did something on the bank and took down their capability to process payments now you're messing with their money right the last thing you want to do is mess with any corporation's money because they gonna come at you so this is why recon is important because you need to know who and what it is you're doing so you know how to be how you know how to better effect uh effectively um attack or or or gain access or whatever it is you're trying to do so like i said recon is absolutely important and and then for phishing or social engineering that's everything right because if i send you an email right now that says let's say let's say you're not a cat person but i send you something like oh my god click this cat calendar you're not gonna look what the hell is this you're gonna right but now and i use the term cats because i actually did this um on a target not trying to break nda but i basically found the information of my target all over social media saw that she was like the ultimate cat lover found out that a friend of hers who was also a teacher was also a cat lover they were both friends on social media i crafted up a nice little email that made it look like it came from the friend saying omg i got this great these great cat pictures she clicked the link not knowing any better and what happened is there was a payload for a key logger on her in in that link so she thinks she's looking at cats but now i'm but now i'm getting logs back of things that she's typed and what do people type they type passwords so now i don't need it i don't need to try to guess the password i just need to wait for i know the time that everybody checks their emails in between classes and now i just wait oh look now you gave me access to your email or you oh look you logged into this and the other thing people do is they repeat passwords so now your email password is also the password to another account that's another account that could be access to a bank account you never know so this is you know with recon he who hold he or she who holds the information holds the power true story true story speaking of information how do you get into cyber security um how did i or just how do you in general in general for those that may be so this is kind of like a two perspective question the first one for somebody that's brand new to i.t no experience how do they get into cyber security um with no experience whatsoever i would say you would have to start with learning things outside of security before you learn how to secure them right so for example i mean i probably could have jumped to cyber security sooner but my mindset was if i can understand the ins and outs of active directory in microsoft then it'll make me a better hacker when when i if i gain access to a microsoft system after i got my hacking certification i got a forensic certification because now i'm looking at what the forensics people look at during a hacking investigation which makes me a better hacker so i know what to avoid for the forensics folks um but if you're going to do it to me i think if you're gonna start if i would say learn the basics of networking right learn the difference between tcp and udp learn the mo you don't have to learn all 65 535 ports but at least learn you know the top 24 the well-known port the the top 10 24 the well-known porch learn what their defaults are so for example 21 ftp 22 ssh 23 telling it you know 25 smtp and you go and and you gotta know them like the back of your hand once you understand the basis of networking the basis of subnetting tc you know how a tcp handshake works you know the that whole process then learn the basics of security not necessarily pen testing but just security in general so two certifications i would say is the network plus and the security plus they're vendor neutral and they teach and they just kind of give you the broad scope of it then once you do that now you can start venturing into specialties so if you want to do ccna or ccna security or whatever you can you can go that route if you want to still venture into more security stuff go ahead pen testing get your ceh now here's where i break off from most people because most people tell you sir it upsert up certu i would say get your network plus security plus definitely get those to start out then if you're going to pen test route get your ceh and then chill for a minute right why the ceh to me is basically the equivalent of the security plus but with some pen testing questions so it's a security plug in any from my understanding the security plus is actually has been changed where they actually bring in pen testing now um but i would say after the ceh you don't have to spend a dime for the next six months right now it's all about doing your googles going on going on google researching different attacks researching what the researchers say read up on it like if you don't if you don't want to read i i don't know if you saw what i put on um instagram the other day with the captain america doing the side eye where because because somebody said you know they want to get into cyber security you make six figures but they don't like reading and i'm like well you you you you out of luck but um you know but like i said get doing that research and then getting the hands-on experience because a pen tester is only as good as what they can what they can produce so you can be paper certified you can have all the certifications in the world but if you don't have the technical skills to prove it you'll never get paid you'll you'll stay at we'll stay at a junior level and no one wants to stay at junior level the goal is to to to you know to get the bag so you know uh you can create virtual machines uh using vmware virtualbox i mean if you're a microsoft hyper-v person you can use that and you can download a bunch of different vulnerable machines from vuln hub you can download kali linux repair linux or whatever it is you want and you can hack away at your own internal network right your own virtual network not your not your actual home network but now you're gaining these skills then you can you know look at over the wire hack the box try hack me pack the practical pen test uh labs pen test pen tester lab pen tester academy uh you know all these different sites that are basically allowing you to do hacking on their platforms and learn the skills without worrying about breaking scope breaking the law going to jail and now you're building the skill set of what you need to know after you get after after about six months of doing that some ctf some some vulnerable machines you know circle back around look at look you can get the pen test plus i say that one because i think that's an up and coming one that's really going to be an industry standard very soon if not already um the oscp which is you know probably the most popular hands-on cert to get uh if you've got the money or you have a job that will back that will fight uh finance it for you or reimburse you go to sans check out their g pen and their their they got some great hacking certifications uh e-learn security then now you can get these other certifications and now which what did you do you got your hands-on experience hopefully you're saving your money because with the hands-on stuff with everything that i just said with all these labs in google you're not paying anything more than what you pay for already with your internet service and whatever you have on your computer if you might you might need to up your ram if you have a little bit of ram or up your hard drive you know but what i do is i'll download three four i'll download three four vulnerable machines at a time hack the hell out of them when i'm done i delete them download four more four or five more and now and then what i did is i created a network inside of my own network at home so now anytime i want to practice i just grab my laptop connect to that separate network run and map scan and now i have all my machines because i have them constantly running right another thing you can do is you can um you can you can install them into the cloud in aws so now you're essentially just hacking away on the cloud environment and you're not worrying about your own hardware at home but these are all things that you can do for free or cheap and then once you get about you know i i say six months um just because there's so much there's so many things you can learn you can you could probably do it sooner but you know once you do that you get the hands-on experience i'm gonna be honest with you if you can prove that with the certifications that you already have sometimes you don't even have to get another certification for a while but if you want to do it just you know to elevate yourself and to boost your resume get the pen test plus get the oscp or get some of those other harder ones put that on your resume get into the interviews and the other thing i'm sorry i know i'm rambling no you're good the other thing that the hands-on experience helps especially with pen testing maybe not in a junior role but mid to senior level pen tester roles you're going to run into people whether they're they whether they're like me and legitimately want you to make sure want to make sure that you know what you're talking about or you have the gatekeepers who are trying to you know keep you away from from from there from what they think is their bag they're gonna ask you questions right i had a i had a kid who told me oh yeah you know webhat web hacking's my this is what i live for this is what i do all right cool can you explain to me what sql injection is um i'm not really familiar with that okay well if you if web hacking is your forte like you said you would know that sql injection is the number one vulnerability on the os top ten and you should probably know how that works i'm not telling you i'm not asking you to to tell me the difference between how to do a my sequel sql injection versus a microsoft but you should be able to under you should be able to tell me what it is right uh and i said okay well how do what would you use burp suite for he couldn't answer burp suite is like one of the top two tools everybody uses with web pen testing why because it's a proxy so you so you know you ask these questions because you need to make sure that the people that you're going to offer this amount of money to knows what they're doing and that they can kind of you know do hold their own weight in a pen testing scenario so that hands-on experience is proof that hands-on experience and research is crucial like i said i tell people you know the certifications get your foot in the door they may even get you the job but your skills is what's going to get your bills paid true story man that's there's a lot to impact from what you just said going back to the beginning you said the foundation before you even get into cyber security you need to build a foundation right are you saying the foundation of that is networking i would say i mean if if i'm assuming anybody this is with the assumption that anybody who basically wants to get into cyber security already knows the basics of that you would learn from an a plus certification right so this is assuming ground level everybody knows what a computer is everybody knows what the difference is between you know hardware and software and stuff like that um in my opinion for security absolutely you know like i said you don't have to be you don't have to be a ccna excuse me um you don't have to be a ccna or you don't have to be like you know the networking guru but you have to have the basic understanding the basic knowledge of networking uh because you can't again if i tell you i need you to i i know there's a vulnerability um there's a vulnerability and that's there's a vulnerability in port 22. i need you to crack the password there how will you know what protocol it is if you don't know the basics right how would you know that well port 22 is by default ssh okay so i need to run a scanner that is suited for ssh john the ripper can't do that so maybe i can use something like hydra you know what i'm saying so these are these so yeah networking to me like i said i've i know some people who can do it i've known some people who just i don't i don't know how it clicks for them because it just doesn't for me but in my opinion i would say you would have to you'd have to at least know the the basics you have to right right okay um the next question i have is when it comes to cyber security you mentioned the cloud how does the cloud play a role in cyber security because it you have well i'm i'm gonna preface my uh my my question you have people that are really interested right now in the cloud in cyber security so is it possible to do both or are they kind of different absolutely um as a matter of fact i would say once you understand the big once you understand the basics and stuff like that the next step the next that's the next phase of evolution to me right is is going to be cloud you know whether it's microsoft uh azure google um aws oracle whatever or whoever um things are gonna move to the cloud and because things are moving a lot quicker and things are going to move a lot quicker especially with more and more breaches you're gonna have more and more people who are learning as they go so learning to understand how to not only secure the cloud but how to test is um is definitely beneficial uh again you don't want to be that person who basically becomes obsolete right like what what what what what good is having your mcitp or mcsa in windows server 2008 and when we're in 2020 going into 2021. so the cloud is definitely something that is like i said it's gonna be the next step um the person who can understand on-prem stuff as well as cloud stuff is definitely going to be a huge uh asset to whoever they work for um like i said and i'm i'm right there with you like i got i'm i'm learning some of the stuff as i go along like my 2020 i'm trying to clear all my 2020 slate because 2021 i'm hitting i'm hitting the ground running with aws and google cloud stuff and azure like that's like that's that's where i'm going to go with it i already bought already bought a couple books john hellmuss actually just wrote a book on on pen testing aws so that that's where i'm going to be going that's where you'll see me next year i i like the fact that you you taking a proactive approach to make sure that you are keeping your skills tight and that you lead that way like i said you got to stay relevant right you got to stay relevant in the field the moment you let the moment you let it pass you is the moment you become i'mma keep it a buck cyber security or technology in a hole is is an overwhelming field already yeah things are moving a mile a minute you got to stay on top of it the moment you let something get fall behind is the moment where you're going to become overwhelmed and that's when the real imposter syndrome is going to set in because now you feel like you're just you're lost i've been there before not trying to go back to that man but that i can only imagine what the imposter syndrome is like in sorry i know what it is and networking but can you talk about the um competitiveness of pen testing so ah i'm trying to figure out how how how far down the rabbit hole we want to go today um if we're just talking about cyber security and pen testing and it's in in itself with no outside interferences no politics and none of the other negative stuff that comes with it just the cyber security and pen testing as a whole um yeah it can be over it it's an overwhelming thing especially when let's say you're struggling to learn something and you see people like sometimes twitter is the gift and the curse to to cyber security professionals because you can find someone who is of like mind that can help you you can find your mentor you can find someone who can give you advice or make you look at it in a light that you didn't look at it before and on the flip side you can have you can look on it look down there and see like 10 15 people that are like oh yeah that's easy that's easy i got it that and this is something that you're struggling with and now you're like i don't even belong here right like why am i here um if i'm if like i said if i'm if i'm gonna keep it a buck i mean i i imposter syndrome comes with the territory i i've come to that realization it just depends certain certain days is heavier than others uh hell i you know i i have a little attack of posture syndrome just sitting here with you because i know that you know you're you're you're very professional and knowledgeable in what you do uh every thursday imposter syndrome sets in because i'm like who the hell am i to be interviewing these people you know i had mary galloway on yesterday and if anybody knows who she is in my mind i'm like okay i need to make sure i'm in my oprah bag my barbara walters back like i don't want to mess this up because she's such an amazing individual and then you get to talk to her and you just see she's just so down to earth and it's like and then that's what that's when it brings you back like man they're just like me you're just like me marcus i thought marcus was unreachable right marcus j carey i thought i thought this man was like s tier level like i was like like i'm on the hill looking up and he hit me up he joined one of my live streams one day and gave me advice um i was going through some things over the summer and he hit me up and was like yo call me right now and dropped his line now i have now i have him in my phone i can call him whenever i want but tell me if you told me this before i'd have been like this this man has written books this man has done this he don't want to talk to me like i'm just i'm just a lonely old pen tester so you deal with it on a daily basis what i've learned is you can't let what other people do dictate who you are right like you might look at you might look at somebody and go man there this person is awesome but guess what you're awesome in your own right because you got you got to where you are not because someone handed it to you not because you have a rich mommy or daddy not because you knew somebody who knew somebody who gave a good word now you put that work in you studied you blood sweat and tears sacrificed time for the family so you deserve to you deserve it just like anybody else does and and just like how they got to wherever they're at is it it's possible it's attainable so you just gotta you know you just gotta deal with that now where it starts to get heavy is when you deal with all the outside stuff that come with it and we could talk about that another time or later yeah and pasta syndrome is real um what i found in my career is that every level you go you're gonna you're gonna deal with it every time you do something new in this industry you're gonna deal with it and um just embrace it you know what i mean look at all the things you accomplished and know that i even though i had this rock in my in my gut i was losing sleep and i thought i wasn't was gonna get fired i overcame that situation so the next time you're in something that's challenging know that you're gonna get through it that's what i believe i mean for for me um my most successful blog article today is my article about the about failing the ofcp right right and if truth be told that article should i i i didn't want to put that our article out to me that was more of a journal to me like a like a a letter to me to just get my feelings out right because i needed to understand what happened so for those who don't know i'm gonna give the quick rundown like i said the oscp certification is is uh is a pen testing certification they call it entry level but it's i would say is somewhere or maybe mid-level right because they have the os they have the osce which is the the expert one so they call it mid-level so when i prepared for the certification i also had just started a new job and we had agreed that i was that that i needed to get the certification sooner rather than later so i gave myself three months thinking it was just like any other certification i'm just gonna sit i'm gonna sit home a few hours a night study grind until i get it um as i'm going through that process so now think about it you're starting a new job school school's about to start so you get your kids ready for school yo basically your whole life is changing right so i'm studying for the certification i'm working i'm working 10 12 hour shifts and logging off of work or coming home from work try to spend a little bit of time with my kids go to my son's soccer practices go to my daughter's tennis practices because i still trying to make sure i'm present in my kids lives you know spend a little family time come downstairs study do some labs next thing i know is two o'clock three o'clock in the morning i gotta be up at six go sleep for three hours get up do it all over again now i'm doing this for three months my body's yelling at me to stop and i know it but i'm telling myself i gotta get it done i gave my three months i gave myself three months like you would have thought my life depended on it and i knew i probably shouldn't have done it but i did it anyway and i tested and i missed it by 15 points and then and then the part that made it worse is when um someone actually leaked the certification uh the the exam and i missed it just because i was tired i missed the 15 points i'm because it was literally right there in front of my screen i could have just pulled the password right there but i i was so stuck on it being something else that i didn't want to believe it was right there um but doing and doing that imposter syndrome set in because it was like you know you can't be you can't be a pen tester without having this and all of that and you know and not only did it mess with me mentally it actually because of those late nights and not sleeping and all that it started messing with me physically right you know when your body tell your body's going to tell you when it's had enough and whether you listen or not when it's had when it's done it's done and and there's nothing you could do about it and i didn't listen and like i said i spent the next like four months you know recovering so you know i put that i wrote all of that out because i wanted that to be a lesson to me on what not to do next time and i can i kept saying i was like it was my birthday and i don't know if i had sent a drink or if i was just like effort and i was just like i hit send and i was like let's see what happens and next thing i know i had like three like my mentions was was sick on twitter and i had everybody who's who in the industry was just like yo salute thank you you know finally someone said it i mean i had i had the people from offensive security called me man and the dude was like yo i've never seen and i mean they took it like i was bashing the certification but i wasn't that i was bashing a certification it was it was just i was just venting my frustrations yeah yeah all certain experiences and he was like man he's like yeah you know i want him you're bashing my company but on the other hand he's like i'm reading it and i'm rooting for you so just to see and and and off of that they changed how they approached dealing with those same situations that i was dealing with so not only did i change not only did i affect so many people who read it that related to it you know i get a call from them and they're like oh we you know no you know what we've been feeling this way for a while but now after reading this we know we really need to get the ball rolling with making some of these changes so you know you never know who it's going to help right so um yeah that is just you know you think you think you're the only one and you think that imposter syndrome is and it is real but it's re it's refreshing to know that other people you know are there with you so i it's power in like owning your truth putting yourself out there and just owning it like whether you pass or fail but it's especially failure because people that's really on that grind with you they see the beauty in the journey they see the beauty and the struggle and they're going to be right there to support you so um salute to that company for supporting you and i i think um the fact that you did that made you stronger made you more knowledgeable and it gave you um a foundation to build upon to help other people so salute to you bro i appreciate it appreciate it i mean i i feel like it like i said you know god makes things happen for a reason right if i didn't put out that article and see how many people it affected especially how many people look like me that was like yo i i'm i'm just so relieved that somebody stepped up and said it you know yeah situations like that or situations like you know other uh live streams that i've done that may have rubbed people the wrong way or ruffled some feathers if those didn't happen i probably wouldn't be here talking to you right now infosec unplugged wouldn't be a show alpha cybersecurity.tech probably would have got canceled you know i probably wouldn't have renewed the domain so things happen you know things happen because they're meant to happen true story hey um kind of shifting gears could you rank i know in networking you got the ccna you got the ccnp and you got the ccie at the top like that's the top certification and you can go in that level to say okay ccna is going to get your entry-level job maybe even a mid-level job but the ccnp is going to put you at that mid level and the ccie will put you at a senior architect level right what are the top three certifications that take you from entry level to mid-level to architect or i would say senior level in security because there's a lot of certifications in security you know what i mean so um speaking from a pen testing point of view and i'm i'm i'm i'ma say one but i'm a prefaces by saying that it's not it's not the hackers or the pen testers who say this it's the jobs because that's that's the other that's the other factor that that we can we need to touch on too so the ceh or if you have the foundation right so let's say you know the basics if not security plus security plus ceh let's say that's your your level one um so and then after that i would probably say you know your oscp your your oscp from mid-level and then there's a couple like your um wait i just thought about you i forgot about elearn security so security plus ceh maybe the ejpt the the the elearn junior pen tester certification um and then pen test is somewhere in between i wouldn't call pentest entry level and i also wouldn't call pen test plus mid-level but it's definitely i think pen test plus is ahead of the the basic ceh not the ceh practical but the basic ceh i think the pen test plus is is ahead of that um so you have those then you have the pen test plus somewhere in between then you would move on to your oscp certification uh your g pen from sans um your e cpt i think that's the one from elearn that's the next level up and then you would and then like i said then if you want to get into some specialties you know like for web app pen testing you know you get your g whap from from sans or your your os the the wireless from from offensive security offensive security also has the awa course for advanced web web app attacks um and then you would go to your your osce so your you know that's like reverse engineering malware and stuff like that and that way now that's how i would look at it from a pen testing standpoint if you needed to do it i know people who have none of those and are better hackers than me i know people have all of those and they absolutely are garbage so um it just depends but um but one of them like i said the ceh um you know people cringe when i say ceh and again the ceh is baseline ceh is foundation level cehs like i said the security plus with with with some hacking sprinkled in but companies love that certification and the name of the game is getting paid and getting a job right yeah so get a job or find find a junior role let them pay for you to get the ceh because i'm not gonna i'm not gonna recommend paying 900 for a certification that you know doesn't really help but let them reimburse you or let them pay for it get the ceh and then build your skills up but yeah i think that's that's how i would look at it and then once you move into like more if you want to move into management stuff then you can look at stuff like the cissp but that's that's now you're venturing away from the actual hands-on pen testing but um like i said if you want to look at management or leadership type stuff cissp is definitely the next step up dope now for my veterans shout out to all my veterans that may be watching and listening yes salute here's a question yup do you need a security clearance to get in to cyber security and then the part two of that if you do have a security clearance will it help you get into cyber security no one no okay let me let me let me let me rephrase that depending on where you what you want to do in cyber security so if you want to be a government contractor or civilian contractor for for a government agency then yes you need a security clearance um what to do you know to work at something like a coal fire or you know a consulting gig or you know working for a company as one of their in-house pen testers no you don't need a security clearance um like i said it just depends on what what it is you're you're doing um most companies their equivalent of uh security clearance is making you sign a shitload of ndas so you know so that you know that that's basically their security clearance uh i haven't had i haven't had it i haven't had the top secret clearance since i left the military okay uh i think the the high i got i got like a public i had to get like a public trust sort of uh clearance and that was to work with certain offices for the government right so it's like i said it just depends on um depends on where you want to go with it um you know you have some people who want to work for those three letter agencies so if you're going to you want to do that yeah you got to get it it's absolutely been it's absolutely crucial that you get it you know you're not going to move up and make any decent money without it and that in that realm but you can do it and be successful without it okay thanks man we mentioned those entry the top three entry level certification to take you from entry level to mid-level to senior level what are some entry-level job titles for security professionals that are looking to get in the field um sock analysts that's a that's a good place to start because that will teach you a lot that'll teach you the battle that'll teach you how to look at some stuff from a networking aspect that'll teach you how to look at you know what certain scans are you'll you'll be introduced to certain tools so a stock you know like a entry-level stock analyst is a good place to start uh a junior pen tester is a good place to start um believe it or not um a network help desk is a good place to start because again the name for me getting that networking foundation is important so um you know that that's also beneficial so you know you know there's you could do that um yeah but i said i would probably say something like that like a stock analyst or a junior pen tester rule are are good places um maybe even like a junior uh security analyst where you know you're kind of looking you're looking at some of the stuff you're not actually doing hands-on so to speak but yeah anything like i said analyst sock junior pen tester thanks man i want to say what's up to everybody in the chat and those of you that are just tuning in we're here with devin jackson from alpha cyber security all his contact information is in the description of this video along with his top 10 book recommendations so make sure you go check out his blog follow him on twitter and follow him on youtube he does some great content around cyber security he hosts the infosec podcast that he brings in some real heavy hitters in security and he's a master at his craft and he's really working hard to help others do get into the field so thank you man for the time you've been sharing here appreciate that i want to get into some technical side of the foundational skills because i saw some questions around python and linux the the first question i want to ask is how important is linux in cyber security uh linux is very important if um again speaking from a pentester standpoint the most popular hacking distributions are all linux kali linux parrot linux arch uh black arch linux uh some people don't just download and install their tools too and boot to uh their ubuntu machine um there are some tools that you can use on windows but mainly a lot of it is linux so linux to me is linux is just as important as networking maybe even more because again you have to know how to navigate it because it's a different operating system so you know where you might be able to understand and navigate the directories of windows like the back of your hand linux is different so you have to kind of know the directories because you need to know how to navigate if you need to access certain files for example windows machines their password files are their password hashes or password files or users in a sam folder or active directory it's in the ntdis.dip file you know that that directory linux is different linux you have your etsy shadow and etsy password files that you have to be able to grab to to obtain the password hashes and crack passwords so i mean again it's little things like that that that's why i said it's almost as important or or some is just as important if not more important than networking um so yeah linux is definitely uh something you need to know um again pen testing um get getting access to a machine is isn't the the isn't the goal is actually what you can get from it like i can i can i can get i could pop a shell on my body's machine it's what i do once i'm there so if i say okay i gained access to your stuff the first thing you're gonna say is what did you take and i say nothing and you're gonna go so what are we talking about right you're gonna then you're gonna figure it out you're gonna you're gonna whatever but if i sit there and say hey i was able to get get these documents i was able to do this cover my tracks created a backdoor made an account now i'm showing impact um and again that process is different privilege escalation is different in a windows machine than it is from linux so you have to understand the boat you have to understand the differences between the two nice nice nice all right the next question is around programming so i love python network automation in the building how important is it to learn how to code and as a cyber security professional and um what language do you need to know so and again this is speaking from personal experience one of my biggest regrets is that i didn't take programming a little bit more serious um in the beginning um i was terrified of it i thought i just i i looked at it a couple times with the books looked at c and was like yeah hell no i'm not not doing it um and i actually got pretty far in my career um without really having to deal with deal with it and you probably still can i know people who don't really know how to read a line of code but if you're there to be good at it if you're there to collect the check yeah you don't really need to you really don't need it because you can find ways to bypass it or or you know dump that off to somebody who can um i and again this is just my personal opinion so you know if there's anybody else in in the chat or someone else that knows someone else that disagrees this is just my opinion let me preface it by saying that i feel like just like linux and networking i feel like understanding programming enough to read you know read uh some code and understand what's happening is is is beneficial um as far as the language i i was i was able to understand python a lot better than anything else and i feel like once you kind of understand the basics of python you can translate them you know there's there's there's differences between like a python and a ruby or a python and c or ruby and c but but at the core a lot of it is the same there might be some little different ways that they you know send off their commands but if you understand the structure of one it won't take too much longer to understand the structure of others furthermore um like i said before when working with exploits um sometimes you might have to take an exploit that worked on one machine but you need to tailor it to work on the machine that you're targeting so for example let's say i found an exploit that worked on windows 7 but now i need it to work on windows 10. there might be some shell code that i need to adjust to fit the signature of a windows 10 machine rather than a windows 7 machine so you need to understand what's happening in this code to know where to put that in there and how to tailor it so again understanding the basics or know or know enough where you can then go to a stack overflow or wherever and ask the question so some and so someone who does know more than you can give you the right answer and you know that they're not bullshitting you because like i said before the other thing that you run into is you go on a website and say you know let's say you're searching for an exploit for like i said a windows 10 machine and some and you find this this link that says this you know this exploit works on works 100 of the time which but you can't read code so without inspecting it without making sure that invalidating that it you know it it's indeed an exploit to work on a target machine you just download it plug it into your machine and hit execute screen flickers but but nothing happens or at least you don't think nothing happened but now you done you done opened up all kind of smb ports and you you don't accident you didn't basically open up a back door to your own machine and that code actually calls back to the person who wrote it and says yo we got a sucker and now while you think you're trying to hack somebody you're the hacker getting hacked because they're running the back door on you this this happens so that's another reason why you should understand what it is you're reading man that's code that's code um yeah that's cool yo that i can only imagine um with people learning how many people have probably ran into that you know in the field yeah yeah oh yeah no it it it happened put this way it happens enough where some of the classes that i have taken have literally put it in their courseware like listen please make sure you inspect the code before you download it off of this website or from that website please make sure that the code is actually indeed what it says it's going to do because we don't need it i mean someone showed us an instructor showed me one time where it was literally commented in the code where the dude wrote it in the comment he commented it out and was like ha ha ha ha stupid you know whatever whatever i now i i poned you right so yeah you just got it you got to know how you got to know how to look at it all right so since we're talking about code devops does that play a role in cyber security absolutely um devops looks at things like software development right right and at some point at some point if you're if you're developing a software you're going to want to make sure that it's secure so that's so you know your your devops or your devsec ops and stuff like that that's that it definitely plays a role in it um like you know sometimes it works hand in hand with fan testers sometimes it's on a different spectrum but like i said i think again the goal just like i was talking about with iot security and cyber security the ultimate goal is no matter what department you work for you want to make sure that shit's good when it leaves you right right so the developers want to make sure that it's good when devops looks at it devops want to make sure that they you know before they put they stamp on it before it goes to qa and all of that any and ultimately when the pen testers go to test it before you know it moves to the next phase of production whether it's in you know dev or uat or pr or prod or however they have it structured you know that it that before they sign off on it is good so devops definitely plays a role um in it like i said from the software this again from just some from the software development side of it and then like i said you have your devops your devsec ops or your security um this it essentially is the same thing you know they want to make sure the environment is secure so cool cool i think yeah yeah i'm thinking make sure i got everything yeah now here's a question you did a video and you may have talked talked about it before but you had an opportunity to be a part of share the might in cyber right we're gonna get spicy yes now before that event you did a video about how you almost quit can you kind of talk about that i actually i actually did the video the day of of uh sheridan mike so that earlier that week um and and for those who who don't know me or those who follow me everybody knows that i'm i'm an open book and i believe that if i if you put it out there i'm from the old school so if you if you speak on it then you need to stand on it yeah so i don't i don't backtrack i don't i don't double back i don't i don't delete after my tweets everything i say and if i put it out there i own it right wrong or indifferent so take that as you will um earlier that week i had a situation that um made me feel like it was dealing with the with some of the things i was talking about earlier when i said you know you deal with cyber security as a whole it already has those difficulties but the outside influences the the gatekeepers the mediocre mats who think they they whatever the people trying to hold you back for whatever reason um i was dealing with a situation that was similar to that and i mean just like and during that time during the current climate um i mean this was the height of the protest the racial injustices with george floyd and everything um so dealing with that dealing with it because i i had a uh i had an incident years ago that you know i could have i could have not been here uh because that was very similar um to the george floyd thing right so everything was just bothering me at that time and um they were like i said there was a situation at work where a individual just felt like they could you know they could say whatever they wanted to do and whatever and they got away with it because of who they were and that's not that's not me that's not what that's not how i stand that's not what i stand on so when i tried to i tried to go about it the professional way and i was basically was told to like let let it go leave it alone sweep it under the rug whatever and when i chose to pursue it i started getting you know basically there's repercussions for my actions because like because i was told to leave it alone and i said no i want to pursue it because i need it on record because if this goes another way i need it documented that this is what led up to this situation right and um because of that you know certain things went down and i was just i i between that and then just everything that was going on i was i was done um how to and then with the shared mic and cyber event i had um i had already made a prior commitment to do the shared mic and cyber event as well as a couple other events and again i'm a man of my word so i said i was going to honor my commitments but then after that i was done so i did the share of mike and cyber event and at five o'clock i went live and was like yo i think i'm a step away for a minute um you know it's it's hard enough being working in cyber security and feeling like you know you may not live up to the standards that you set for yourself right it's another to feel like you have to fight to justify your existence day in and day out just because of the color of your skin your sexual orientation your gender your age whatever and i was just tired of it man um i think i said in that video you know we're we we're taught whether it's through the church whether it's through our our elders you know sticks and stones right and love one another turn the other cheek and all of that and i said i think i said something along the lines of you know this skin has reflected a lot in my life but what hap what do you do when when it no longer is reflect uh no longer deflecting it's not absorbing so it's absorbing that that negative energy it's absorbing the and now you're internalizing it so i felt like i needed to step away um and actually in that time away it actually brought me back because it made me realize i love what i do i just don't love the that comes with it yeah so again if that didn't happen does infosec unplug happen does me sitting here speaking with you happen you know because again if i'm a speak on it i'ma stand on it and if and if i'm going through it i can only imagine what the next person who's trying to come up with it come up come up and come up in this field whatever right and if and if that and if that's how i feel then imagine how women of all colors feel right so now it's like okay be the change you want to see in the world so infosec unplugged now we talk about our journeys we drop gems and we give advice but i also make sure that whoever it is i'm talking to be it black white whatever you're you know whoever it is they can speak on it to a certain level where they say okay like i i had uh tracy malife on may leaf i'm sorry uh infosec sherpa you know i had her on here on there where she talked about how she wants to do more you know i had like i said i had uh uh diara j footman ccie by 30 on there who talked about her experiences and she left and she she gave a powerful statement leave nothing on the table right um i had ty wilson on there who talked about his experiences i had j uh jay bizzle on there you know john breath he talked about his experiences same thing like i said i had mary galloway last night who also said you know you're going to be tested and before you cut before you you fold you take you you have a reason to be here so you take that negative energy and turn it against them and and make work for you so you know i try to make sure that i have people on there like eventually i'm gonna get you on you know and and it's also not only do we talk about our experiences we help try to motivate the people who might be listening right so so that's that's how that that that's how that came about so you know it again things happen for a reason like i i stepped away i took like i took like two weeks i i was off twitter i didn't look at a book i i took down all my certifications and i and i was real i really sat back and thought like you know is this what i do i really want to do this and again it goes what i said earlier like nah i i earned my spot i earned like that that that cisp you see up there that don't that just doesn't get handed out right no that doesn't get handed out to everybody you know people like you know what what's the phrase you know he wasn't he wasn't shooting with me in the gym right you didn't drive five hours of virginia because that was the closest ethical hacking boot camp because you did that on your own dime because your job wouldn't back you you know i did these are all things that i did to get where i'm at i'll be damned if i let somebody push me out the door so now not only did i come back i came back stronger but now i'm bringing out now i'm building the next army with me right so now they'll they'll know what to look for because i didn't know what to look for i didn't have a mentor coming up so now i'm gonna tell these people who coming in like listen stay the course the the plan is the plan the mission is the mission the goal is the goal don't let them get don't let them take that from you so they don't they don't created a monster hey man i could totally relate um i'm i'm not even gonna lie on social media like i don't look at my my timeline i follow people and when i have time i check everybody out but like you'll never see me scrolling through my timeline because it's energy in that and when you got a plan and you're working on your plan you don't need no distraction because the littlest thing get into your mind and it just totally knock you off course and i'm real good about my mind my energy and what's important to me and so it's my work my family and my work don't nothing else matter you feel what i'm saying so it's all about the grind yup man that no i definitely i definitely agree 100 and you know yeah social media and youtube like those those are the two black holes those are the two biggest black holes and and then again especially in this day in climate with everything with 2020 just being 2020 you know it's easy to kind of fall down those rabbit holes but like i said you know you got to stay focused you got to stick to the plan and you know just remember that you you have a goal as a matter of fact um everybody i talk to whether it's through infosec unplug people i mentor uh people who just ask me about getting into cyber security the first thing i ask them is what why and if you come to me first and say oh because i heard you know you can get the bag or you can get paid or you know i heard that it's popular i'm gonna look at you and say come back come back when you have when you have a stronger answer and the reason why i do that is because you're gonna have those nights where it's not enough like when i just when i said i was gonna walk away let's be clear i'm i i do okay for myself right not not not to get anybody counting my money but i'm good i'm okay right i'm not where i i'm not where i want to be but i'm where i'm i'm comfortable right my bills are paid my kids are good there's a roof over their head you know the lights stay on i ain't got to worry about where the next meal is going to come from so to me that's good yeah like i don't need i don't need a bunch of zeros in my account it'd be nice but i don't it's not like a necessity so when i so so i i do okay for myself but there are gonna be days where it's like yo that's not that's not enough the money's not enough the the the sexiness of saying i'm a hacker that's not enough the pop you know whatever whatever clout you think you get with it it's not enough it's not enough so you have to have something that's going to get you through those times when you're dealing with the bs in the field you fail an exam you're tired hell when i was when when i got into tech i was still fairly young so my boys were still out clubbing and all of that i'm home you know everybody everybody's outside i'm in the house now i can't i gotta do this you know i you know instead of buying the next video game system when it first come out i'm investing in books and tech and stuff like that to learn how this stuff worked so now while everybody's out here playing the miles morales and the ps5s and all of that i'm reading it up on cars so and then like i said there's there's there's gonna be nights where you're sitting and you're going what am i doing this for so you're why your why has to be stronger than than just um you know then then then shallow things you know it could be your family it could be whatever but it needs to be strong enough that when you feel like you can't take it you remember your why and that gives you that whether it's that extra hour to study yeah or you know that extra boost of energy or that extra dose of discipline you need when you see everybody else out here you know living it up on social media no you got to remember your why true story remember your why great message man and great interview um let me ask you one last question if you could do it all again would you and if so where would you start um yeah if i could do it all over again i most certainly would um especially now as opposed to 10 10 12 years ago um when i got in when i decided i was going to make the move into cyber security i didn't know okay i shouldn't i was gonna say i there weren't those resources but let me say i i didn't know of the resources like i don't think that information was was as accessible on youtube and google and twitter as it is now right like you can literally google how to hack and you're brought in front of hundreds of article blogs youtube channels teaching you different things so i absolutely most certainly would do it over again um i think what i probably would do differently is i probably would make the jump to cyber a little bit sooner maybe a year or two sooner than what i did uh i to me that's to me that's i think that's one of the things i regret that i waited too long because i again and i guess that goes to uh imposter syndrome right you want to make sure you're always at your best and whatever and um you know it wasn't until later that i felt like the only way to do it is to do it right you're never going to learn how to do it if you're not if you're not in it and there's no bigger motivator than being there in the moment now i'm not talking now there's a difference between being in the moment and faking it till you make it faking it until you make it i'll never i'll never sign off on that but being in the moment where it's like okay this is the technologies that we're facing i need to know how to secure it or how to test it now i'm gonna go do the research right i to me i would have that that that's the only thing i think i would have done differently i think how i approached how i approached it oh the other thing i'm sorry the other thing that that they have now that they didn't really have back then is you can go to college for cyber security when i was looking at school going back to school it was all computer science and remember i told you i was terrified of coding so i was like nah i'm not doing it i'm not doing it i'm just going to do this right um so now you can go to school for cyber security hell you can transfer your certifications for college credits at universities now um so i think it's definitely easier and more accessible and more in in more attainable now than it was 10 12 15 years ago um but like i said i don't i don't i don't i don't like you know i don't let me think no because i i i took i took my i took my mentality from a prior life and that's how i built myself up right um i saved two three hundred dollars went to my boss and basically got him to sign off on saying that he would reimburse as long as you passed he never said how many he never said how many in a year he just said i just got him to give a blanket statement and put it in writing so what do i do i take that 300 and i buy some books and i buy a microsoft exam study for like a month two months straight test pass boom and hand the paperwork i said i passed he reimbursed me now i take that same three hundred dollars i don't pocket it i don't do nothing with it except go back and now buy the next certificate and i did i did this six seven times in like a in like the span of a year right i did it so every other month i'm going back boom boom boom boom boom and now i knew so now you now you start to see they're getting sick because now they're like we're shelling out all this money so now what i'm doing is now every time i get a little pay increase or every time i get a little bump here and there i'm still living like i was making x even though now my salary is why i'm still living down here so now all that i'm saving all of that and being is because when the time came to say i want to go get my certified my ethical hacking certification go to a boot camp they said no they were like we're not we're not backing this we're not doing this by that time now okay cool now i got three thousand dollars in my bank so now i take five days off from work drive down to virginia and i sit for a week and i'm taught by ketron evans who if you guys don't know he's he's amazing at what he does he um he teaches at uh the infosec institute and i think he i think he has like four different companies right now that are all cyber security related and he's a and he's a he's a black man like that was my first motivation i walked in there and saw him and i was like okay i'm not alone in this world right but that that's how that's how i that's how you got to approach it right you got to take it you got to take advantage of of some of the things that they give you and some of the things that they may have not paid attention to and i did that and i hustled it and i flipped it and kept doing it until i couldn't do it no more and i said eventually you know now now here's where i'm at like i said i think so i think the only regret i would have like i said i probably would have did it a little bit soon man you dropped so many gems the fact that you were able to save that money and flip it and then you know didn't get the bag and elevate your lifestyle with the bag i think a lot of people need to understand that because if you put in the type of work that davin put in and that many others have put in to get to where they are one of the things that's going to come with that is the bag and yeah the more work you put in the more that bag is going to grow especially if you're growing not just your your technical skills but your interpersonal skills and building your relationship you're going to get the bag now managing that bag and not putting all your a's in one basket with i.t that's important right now and now again this is where that discipline and remembering your why right because there were plenty i'm not going i'm not gonna lie there were plenty of js that i wanted to get yeah right there are plenty of there are plenty of jordans that i wanted to get there were plenty of games that i haven't gotten there were plenty of whatever concerts that i've missed out on right but you got to do it and now i and i i'm not i'm not going to bat i'm not not to bash nobody but some of the people that i came up with who couldn't understand it then and came up with all these different excuses as to why i'm not coming out no more or whatever you know you know you forgot where you came from you left the block whatever all right cool now i won't say that it's well no it's paid off again i'm not where i'm i'm not where i want to be because that's just me i i always feel like i look at i look at the next goal before i'm even done with what i'm doing yeah what again like i said i'm now i'm in a different position now where again i can i can have these conversations i mean just look at the fact that we can have this conversation right now or the things that i just said about the biases and the that come in cyber security right we can have this conversation why because we've established ourselves and we're good at work we're good in our footing you have people who who come up who can't speak on it because they're out of fear of losing their job right i'm not saying that if i'm not saying that i wouldn't be sick if i lost my job tomorrow without something to lay my feet on but i know my experience in these certifications and my technical prowess i'm going to land on my feet fairly quickly i might even land in a bigger bag than the bag i have right now if i play my cards right so it's all about securing yourself so you know you you sometimes you gotta sometimes you gotta be a lion to be the sheep that you really are and when i say sheep i don't mean it in a soft i don't mean it like punk or nothing like that sometimes you got to move like a lion so you got to be fearless you got to be you know you got to be aggressive you got to be whatever at what you want so you can live comfortably like like you know like the sheep do the sheep ain't got no worry in the world when you see them in the farm right but sometimes but but so like and when it comes to my family i'm yeah to them i'm a teddy bear i'm a sheep i'm daddy i'm a husband but out here i'm a monster and that's just how you know that's just how you got to move but everything that i've done afforded me to be able to do that now so it so you know we got it as a people we got to stop being um having short memory spans and this is not just with tech with everything right look at the protest from the protest i mean like like you know we kept it we kept we kept we kept applying pressure this year that's the only thing that's different from years past but you you gotta you can't you can't forget you can't get comfortable you can't get complacent especially coming from like i said i'm not speaking i don't know speaking on anybody else but coming from where i came from the last thing i want to do is be complacent because i'm never going to go back to that man you ain't going back i ain't going back you know what i'm saying so so it's like remember your why remember that discipline and like i said all the other will come casino case in point i don't know if you can see it but all those video games i didn't get you know what i did i built a computer and i built my own little arcade machine and i may or may not gain access to a bunch of different video game files so now when i want to feel like i want to feel nostalgic i can play anything from atari onto the pla to the to playstation 2 playstation 3 right you know all of that other stuff will come back around it's also it's all about securing your footing and securing your family first man that's my true story them jays you won't they're gonna come back around yup you know what i mean hey man this was a really dope live stream thank you for your time thank you to the moderators and everybody that's tuned in i know a lot of people put questions in the chat but i appreciate everyone that was helping out and answering those questions and if we didn't get to your questions make sure that you go subscribe to davin's youtube channel check him out on twitter check out his blog he puts out a ton of great content and also look for his books that i put in the description of his 10 top 10 books for you to learn hacking davin you want to take us out for tonight um listen uh well for one i saw i saw someone in the comment i believe it could be somebody else uh but someone said they were getting their cissp in 2021. i said it's it's the monster uh stay focused download the uh cissp sunflower it's a it's a it's a it's a series it's a bun it's like a packet of of study material um and use that to help you especially when you're studying that last week uh look up stuff online uh cybreary has a has a great cissp course that's absolutely free and when you pass because i'm not gonna say if because again it's all about positivity when you pass go on brighttalk.com register for an account and make sure you watch at least one or two of them videos every week because the last thing you want to do is let that certification lapse and take it all over again so you go to bright talk and you get cpe credits towards recertifying you pay i think 125 a year for your uh for your for your fee your membership fee but the membership comes with a lot of stuff to help the membership comes with free training that'll also then give you cpe credits for uh or see you ceu credits for for the certification as well um now to close out the show uh again i want to thank you brother for for inviting me i said i gotta have you on infosec unplugged at some point we go we gonna get it right in in 2021 um thank you to everybody who's here uh if if i if i helped out anybody in any way that's what i'm here for i'm glad if you agree with me or don't agree with me it is what it is i still respect you nonetheless and as long as you respect me we can we can keep it mutual uh remember your why stay focused stay driven don't let the outside influences mess with what you got going on and stay true to yourself and never never compromise your integrity you follow that you'll be golden never compromise we'll see y'all on the next one peace

Info

Channel: Du’An Lightfoot

Views: 4,875

Rating: undefined out of 5

Keywords: How to get into Cyber Security | Interview with Davin Jackson of Alpha Cyber Security, how to get into cyber security with no experience, how to get into cyber security with no experience reddit, is coding required for cyber security, How can I teach myself cyber security?, Do you need a security clearance to enter cyber security?, What is the first thing to learn in cyber security?, How important is Linux in cyber security?

Id: 1WlunE6IQz4

Channel Id: undefined

Length: 99min 13sec (5953 seconds)

Published: Sat Dec 19 2020