the NEW certified ethical hacker (CEHv11) cert // feat. ITProTV's Daniel Lowrie

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

one two what's going on guys welcome back to network chuck welcome to monday hope you have your coffee ready i'm drinking uh peru what are you drinking tonight or today this afternoon morning wherever you are uh today we're talking about the ceh or the certified ethical hacker certification uh we were on version 10. now we're on version 11. they get a new one on us and what's new well we're going to talk about that right now i've got mr daniel lowry from itprotv daniel you're on the screen right now say hi hey everybody how's it going tonight or today or whenever right good morning good evening and good night um so daniel is the you probably know if you've been watching my hacking series where i've been learning hacking he's the guy i've been watching on itpro tv to learn ceh and he's been fantastic i feel like i already know him even though this is the first time actually just a few minutes ago i started talking to you so we're still brand new pals but i feel like i've known you for a long time but anyways he's the guy you want to talk to about hacking he had his stuff on itprotv covering the ceh is fantastic i got a link below or i'll put in the chat right now actually if you want to check that out anyway daniel the ceh um first of all give me your overall take about how you feel about the ceh certification as a whole um and how do you feel about it compared to other hacking certifications you know that's a that's a really good question i was i i thought you might actually ask that because i think it's a question that comes up a lot people want to know honest opinion kind of stuff about the different certifications because they want to know the value that they're getting out of the certifications is it worth it for me you know i hear that a lot is the ceh the best way to go and honestly that it's a tough question to answer it's a tough question to ask even because it's so very subjective right right so if if you were just to say on its face value is the ceh worth it i would say absolutely i think i think absolutely ch ceh has a very good value because it's recognized by many different employers you go on any you know job hunting port or just you know monster the indeeds the dice whatever and you put in ceh you're going to see jobs they're going to pop right up right because they've got that 8570 compliance with the dod so you start getting all this wonderful benefit to the certification now if you ask me is the ceh the best hacking certificate for me to get if i want to be a pen tester and i want to have the latest and greatest skills i i put it this way i think that like every one of these certs out there that we have available to if i'm going to compare these things i want to compare apples to apples as much as i possibly can and a lot of the different certifications are you start getting into you know maybe a crane apple and you know things they all have their own kind of um uh set of pros and cons ceh does a really good job of covering a lot of material right you're gonna get a lot of exposure to a lot of different types of security practices and um hacking techniques and tools when you go into the ceh except yeah i kind of just sort of interrupt but like like i saw the new security plus from comptia it seems that there's a lot of content overlap between the ceh and security plus and i know like the ceh is definitely more more focused on hands-on because they want to actually make you a pen tester but it does go into that much breadth of knowledge uh without going super super deep it's kind of what it seems like yeah i i think that we are uh the benefit or the we're benefiting from the fact that a lot of these certification bodies are really competing with each other and we are just reaping all that benefit is you know i think that's the whole reason that cehv11 is out and is what we're seeing so far there's a lot that we don't really know about it quite yet because because you know it's so new it just dropped the other day right so but when you see comptia say here's the new security plus objectives you see a ton of overlap into something like ceh that's because they want to springboard you into their sisa plus and pentest plus they're trying to push pentest plus a whole lot more right so pentest plus is definitely a direct competitor to that ceh if they want to make you successful uh with pen test plus and they want to build that pentas plus brand which by the way is an incredible certification i took that exam everybody i've talked to that's taken and has all agreed that's a great exam really and yeah it was i was i was very impressed and surprised about how good it was was it a a true hands-on i wouldn't say that i think ceh is trying to go that way because they're seeing their competitors really kill it so you look at elearn security right you look at offensive security all of these things have gone practical hands-on forget this check-in boxes stuff let's see if you can actually do what we say and i uh to ec council's credit they seem to have said okay that's what the people want let's give the people what they want that's this is my impression on i mean we do also have that ceh practical exam now and you can go to that ch master before we go further um kind of step back and tell us like who's the ceh for because a lot of people tuning in right now are like okay certification i didn't know it's a thing what's the ceh where does that come into play if i'm if i'm becoming a hacker if i want to become that person what are the prereqs for that and then like who is this for and i know i'm asking a lot it's a really big topic but you can connect that down in like maybe five seconds ago yeah sure the ceh is for the aspiring pen tester bug hunter anybody wants to get into that quote-unquote red team side of things offensive type of security where you're testing systems looking for vulnerabilities and helping blue team members fix those vulnerabilities that's that's ce just is meant to get you into that space get you up to speed with tools and techniques practices and then you can start having that real conversation about getting in as a penetration tester okay cool so we're looking at the version 10 test which was a a great test i mean it was it was more theory not so much practical from what i understand and i'm only just you know going through it now um from what i can see from the version 11 test it seems to be i love what you said about it they're kind of answering their critics because i know a lot of the pen testers i talk to now who are in the field they kind of crap on the ceh a bit saying it's just an overpriced certification that yeah it does have street creds um as far as like resume building and such but if you were to talk to a pen tester they'd be like oh ceh that's not a lot of weight they would point you towards more of an oscp so i want to ask two questions first of all why do you think that is and do you think the ceh version 11 is kind of answering those uh those i guess uh insults and and yeah and bad things you're saying about it yeah and you know it's fair right like that is the the temperature of the room when it comes to the ceh within the community of penetration testers it is something that i have i have seen i have heard as well so i would say that the ceh probably gets dumped on a little bit if you want to put it that way it because like you said it has a lot of theoretical uh theory behind it right it's meant to just kind of introduce you to concepts and tactics and tools that you need to know about if you're going to become somebody that is viable in that ecosphere right it's now starting to push into the idea oh well let's actually do this stuff so you're watching my chv10 right now you're going through that and we were kind of talking about this before we started the the show here i've spent a lot of time making sure that i did all the things that they talk about because for me i'm huge on that hands-on learning i love i learn best when you say hey go try this and see if you're successful if not try to figure out what's wrong remember to come back here and see how it's supposed to look and see where you're missing the mark and things that answer so that's how i want my courses to be when i'm creating something like which it is and it's great and if my audience if you've been watching my hacking series i mean a lot of the hacking stuff i i do the same thing that daniel does i try to demonstrate what's going on a lot of the ideas i get from that stuff is watching daniel so if you want to dive deeper into even deeper than what i talk about which isn't hard to do if you want to go deeper than what i talk about then yeah check out daniel stuff it pro tv but yeah you do a great job with that so anyways i interrupted you yeah no you're totally fine uh so i think that when ceh came out they were really kind of a unicorn in the certification world they were the ones that had some sort of hacking certification you could go to other than like your sans right sans was the de facto you go to sands you get the hacking experience that's the real deal it's insanely expensive so if you're lucky enough to get like a um you know one of their scholarship programs or whatever then good on you because that's amazing and that's great training but it's just usually out of the price range of most people so ceh comes along and they offer something and they're really the only real game in town and then all of a sudden you start seeing offensive securities you know the oscp start making big waves in that but why it's because the people that were taking that were able to actually do something their test was not hey you know look at these different possible sql injections and tell me which one is viable and check the box right it was here's a website there may or may not be a sql injection vulnerability in that website good luck to you sir and it also be in your favor it also helps at the you know the creators of the oscp the offensive security whatever they're called are also the creators of kali linux which yeah that's good great branding for them if you guys already know that so they and when you download cali right and you go to the menu that stuff is right there offensive security look it up by default it's in the start oh i guess start menu the linux menu oh hit the browser where does it take you right oh exactly kelly linux you hit that browser your landing page is here's a bunch of awesome offensive security links why don't you check those out so i think it was them they really started pushing and now because of that we're seeing elearn security come out right and they have amazing stuff as well ceh going okay i gotta stay i gotta stay relevant in this in this space i've got to start doing that and i think that's what they're that they're trying to do it does seem to be to me what v11 is all about is like saying you know what we're going to push this thing and we're going to try to be just as good as our competitors if not better obviously it's usually most people's uh uh you know that what they're trying to accomplish i would like to be the best that i can be in this space hopefully that's what they're trying to do they're reasonably i say reasonably they're competitively priced with some of those so if offensive security i think is running 12 or 1400 or something that effect that's that's about what you're going to get with um well i i if i'm trying to remember ceh just right around just over a thousand dollars well from what i remember if you so like if you don't have it pro tv right you want to pay for ceh's official courseware it's like a thousand dollars by itself and then their certification you have to pay a thousand dollars for which is like if you're more of a traditional learner like you go through microsoft certification cisco comptia that's like a that's a punch in the gut like a thousand dollars why well you got to think of it you know it's it's not so bad if you think of it like this if you took a a five-day training class or a boot camp somewhere how much is that going to run you just for the course oh it's like you know upwards of a couple thousand dollars for that yeah two grand easily in any one of those spaces and depending on maybe some advanced cisco or something that effect it can be three four five thousand dollars sans training we see that is easily five six thousand dollars so all of a sudden a fourteen hundred dollar exam that gets you uh past the hr gate seems relatively not too bad yeah that's true and they give you amazing training so if if ec council is able to take that breadth of knowledge that they try to give you in the ceh what we saw on v10 and they're applying more of that into the hands-on sphere because if you're looking at that at that landing page for cehv 11 they are pushing hands on this 18 hands-on challenges you know not simulations you're going into a live environment this is what we expect as learners nowadays i expect to get a vpn connectivity or a vpn connection file get connected i'm in a real world scenario it's it's hopefully you know just for me some of them you have to share with other students but everybody's kind of seeing like oh i can virtualize this for everybody if i keep it small enough and you can have your own so you're not kind of stomping over other people's exploits and things of that nature that can get a little frustrating i've been down that road but they're trying to because it's that that's what i'm seeing with cehv 11 from what they're saying from the ec council website so just to sum that up so the previous exam version 10 was more theory so we're going to see like traditional questions multiple choice drag and drop situations like that but the v11 we're hoping and according to their one page website looks really fancy it's nice um they're saying they're going to be more hands-on i i think the training will be i don't know that that i got that from their uh exam i think the exam is it's hard to differentiate that isn't it because they always brand it as like the whole package they never separate the training from the course they always assume you're gonna take their stuff yeah well they they don't like other people teaching their stuff so uh and i get that right they have a brand they're building it yeah it seems though that the their problem is is that once they became 8570 compliant and it's a certification then they have to open it up for other types of training um in that sphere so that's why we get to be able to do ceh training uh i understand that they're not a huge fan of that but that's a business decision that they had to make and if they're creating training that's kicking my butt then i gotta step up my game right this is again that healthy competition makes it the benefit go to the end user right the learner out there because they're like man i've got a cornucopia of great training and everybody's benefiting because we see people they go out and they buy that that that ceh course and they supplement with it pro tv or they supplement with another uh vendor right i know i like to do that kind of thing where it's it's hard to just stick with one perspective and really get all that knowledge so i totally understand that people want multiple avenues in which to support their learning and support their training get different perspectives different experiences which is all the things that i try to bring to my ceh courses or any of the other technical skills that would go along you know that that's the great thing about it pro tvs i'm allowed to create other content that's not necessarily you know ceh but would definitely supplement and support that training i just created a whole hands-on hacking series i saw that yeah i'm just cranking out boxes and we're building methodology and using tools and oh that's why this worked and oh that's right i should think about that let me make a note i mean i have so many notes that i create for myself because you know this is just so much knowledge that you have to have for this sphere that unless you're doing a lot of things over and over and over again there's going to be these little you know niche things edge case stuff that oh yeah i remember going through that you have done it once or twice but if you're pressing me on exactly what the nuts and bolts of that were probably going to have a hard time so i created all yeah all these files that we kind of go through in that anytime i need them i'm like oh yeah me check out i know i've got a i got a text file around here somewhere on how to do that very thing let me pull that up and grab that and that just ends ends up lending to your experience and your learning and now you get to incorporate that and it becomes part of your experience and all of a sudden you take an exam and it's not so scary you don't feel so like it's like oh i know this is a thousand dollars well spent because i want to pass this exam you know i'm not saying i guarantee people to pass their exams that's obviously not a statement i can make but you'll have a much easier time if you have those experiences that are in line with what you're learning with whatever certification you're taking doesn't matter what it is oh yeah it just makes it stick i mean it's it's so hard to make theory feel real to you it's so hard to make theory stick because you never have that hands-on i mean proper learning it was what i believe is always multi-sensory you have to use all kinds of ways to get that into your brain especially i.t because i mean it's a skill you're learning to use i'll tell you what i've what i've realized throughout the years in my my time as an instructor and and a trainer is that context is key right if i said chuck here's how to do you know uh cross-site scripting attack and do session hijacking with cross-site scripting you go okay i i understood the words you're using and in 10 days if i came back and i said okay chuck show me how to do cross-site scripting and steal a session token with that you might and you've never you haven't looked at it since you might be like uh okay you know something about javascript i gotta kind of oh uh right but if i start telling you a story it was a part of an experience all of a sudden your brain kind of holds onto that a little bit tighter you know i always make the the idea of if you were in like a near-death experience you could tell me what you had for breakfast that morning with great detail what you were wearing what the air smelled like all these details you weren't even trying to remember that stuff but there was a very specific context that went around that day that made your brain hold on to that and i realized that so i started trying to tell stories i started trying to make it more relevant in a in a contextual environment to help make that kind of context stick and hopefully that that translates to the exam booth yeah i think we have the same goal with that to try and create that situation whatever it is that makes it stick and hopefully it's never a near-death experience although that will definitely make it stick i promise you'll remember everything about it but yeah just making it entertaining which you guys do and i hope i do as well and um and just yeah i love the context because for me with training and and teaching things it's all about the why like why am i learning this where does this fit into the the narrative of what i'm doing what i'm becoming how's it going to help me who who am i going to be helping with this um so real quick to recrap so uh the version 10 to version 11. we're hoping it's more practical and it's very practical what we're hearing in the actual training product that this ec council produces but what we don't know just yet and it could be the case is that the exam is actually going to be hands-on and practical yeah we know they do have a practical exam uh and that kind of like they have this kind of formulaic approach to their ceh master certification so have you taken the the practical no i haven't taken the practical yet i just i haven't had time i have so many uh balls in the air right now as far as like different training that i'm taking and come on you gotta take it and come back and tell us come on i know i i would love to take it and they every time i i try to do something for myself don comes over and goes i need to get in the studio and make a show for blah blah blah i'm like ah you and making me work for my money so crazy i don't know what he's thinking but it's a shame yeah as soon as i get some chance i really want to take this version of the exam and i definitely want to take the practical side of it just to see how it stacks up against the you know i've taken the elearn security ejpt exam recently past that was phenomenal great experience um i've taken oscp that's a kick in the teeth how'd you do on that yeah uh you know you try harder right that's that's what you do you keep trying harder until you're ready to pull your eyes out then you win so that's that's the idea um so all i want to see how they stack up against and then of course i do things like hack the box and try hack me pentester lab so i'm i'm constantly looking at all these different resources that are available for learning in this space this this i keep using the term red team i know it's not technically red teaming at least not uh per se but that's the kind of the general term we use nowadays but get into that pen testing space that ethical hacking space what am i learning i've kind of started to shift a little bit into learning more about bug bounties and getting over into web applications a little bit harder and learning more about web technologies so getting getting boned up on that so i got i got a lot on my plate i want to i want to learn all that stuff and incorporate that so that i can bring it back to people that are watching it pro tv and go man this is a plethora of information and a great resource uh for me to use either whether i'm supplementing or i'm just using it i've had people say i've watched chv10 and that was the only thing i used and i passed ceh and i'm like that's awesome yeah right i i don't tell everybody that means you can go out and you can you will pass the eh no trainer's biggest mistake yeah never say that i would be remiss to to make that statement but it is possible for people to do because i have seen that people have and i'm proud of that right uh i think that i want to give people the best training they can and so i want to get those experiences so that i can help them be prepared because i was just like right before we started somebody hit me on linkedin and they were saying you know i'd done a write-up about my ejpt experience they said i'm so thankful for your experience because it helps me with some of the anxiety i was having about sitting the exam i i was unsure about this that or the other and you really clarified that for me so that's why i want to bring those experiences i don't i don't mind going into a testing boost and and completely failing an exam because at least there's an experience there right if i take that experience i learn from a i know where my weak spots are these are all learning opportunities i'm going to fail my way forward if i have to and that is a a very good method now a lot of times that can get expensive so you got to be strategic with that method but especially the ceh um so speaking of which so someone's asking um it's from iran barr he says how advanced do you have to be to take the ceh certification i don't think you well let's define advanced right right so let's start there let's let's define some terms if you were to say advance if i were to say advanced on a scale of beginner intermediate advanced we'll we'll use that as our scale advanced would be able to perform out of the box pen testing techniques probably writing on your own tools maybe even creating some shell code aviation things of that nature right intermediate is going to be i'm able to use the standard fare hacking tools uh effectively in a penetration test or something in there right and then the beginner would be i'm aware of security concepts i'm aware i have some good operating system knowledge networking knowledge basic security and i'm i'm i'm pretty good at understanding some of these tools that are being used ceh falls in the line of that beginner that's where it would definitely land you after that that's a great springboard into getting into those intermediate because now you can start having that conversation there's a lot of assumed knowledge as you move up the ladder and if you don't have that knowledge then it's going to be a really hard time if you said i'm going to go sit ceh or i i i think i'm at that level i'm just going to take the test and you know nothing about linux operating systems you know nothing about how websites work even fundamentally you are going to fail right so so if you had to like give a let's say two or three maybe four like prereq certifications that you would feel comfortable telling people they need to have before approaching the ceh what would they be yeah uh obviously the security training well i say the security channel the i i say these are the network or are it fundamental secure or not security but uh certifications that's the word i'm looking for it certifications is that net plus a plus security plus you know comptia gets a lot of slack we're talking about people like pooh-poohing or dumping on different certification organizations comptia has long been known as oh this is you know too easy you look at their stuff it is definitely step like you said security plus is starting to dip into ceh level so if you go through a plus and you get that operating system knowledge i've done a plus with wes as a as a series i see what those objectives are i know what level you have to know about wireless operating systems networks security all the different even some programming now is a plus a plus is starting to talk about scripting languages bash python powershell yeah my a plus i i got mine back in 2009. uh so it's been a while but that's that's crazy yeah like i said these these vendors are seeing what the market is demanding for what you need to know to actually be some sort of professional longer long gone are the days of if you knew how to hook up your mom's ap then you were kind of the network person you knew networking right everybody kind of knows how to do a lot of people i say everybody i'm using i'm being hyperbolic right a lot of people know basic computing function now because computers are just so much a part of our lives connectivity is a part of our lives so they've had to push their game up if you get a plus net plus security plus you have a pretty good well-rounded set of skills i would highly recommend maybe even a a microsoft cert maybe dip in some cloud maybe just some fundamental cloud right just get that well-rounded you need to be a well-rounded person to get into security especially if you're going to go red teaming right because that's what i tell people because it's hacking is kind of like the cloud and that whatever you whatever skill set you bring when you start learning those those things are are going to benefit you because cloud is just a different way to do the things you learn back in the a plus or the network plus same for hacking right like it's just a different way of implementing those things you learned more offensively and defensively obviously but you have to have those prereqs because it's just the technology used a different way yeah and you know it is it possible for you to kind of like come out from the other end and work your way backwards yeah it is but it's a whole lot harder oh yeah yeah right it's always it's always hard to go the way you're not supposed to go right oh man i remember when i first got i took a web application penetration testing course like a like a two-day boot camp right and also i realized how much i didn't know about flask and python and django because these are modern applications that are used in technology that are used to build modern web apps and i'm like oh it would probably be good for me to understand this stuff a little bit better so then i can take those hacking skills that i have and apply it here because if i don't know what that does or how it's supposed to work i'm gonna have a hard time breaking it in a way that makes any kind of sense other than broken you know that's that's any anybody can throw a monkey wrench into something but to have it break in a way that gives you some access or does something meaningful unmakes it means you have to understand a bit how it works so that you can have it fail in the way that you want it to and return the results you're looking for so uh it it kind of goes back to that um i hear a lot of people ask the question do i need to know programming to be a pen tester right you ever hear that question oh yeah all the time yeah and here's what i see with that a lot of people answer that question and they say absolutely not you do not need to know any kind of programming to be an effective bug bounty hunter penetration tester and that and i would say this to that that is absolutely correct you do not need to know that stuff but boy does it make it a whole lot easier yeah yeah it makes understanding that easy what's like jumping into like network programmability i'm network engineer by trade and yeah and uh i mean you don't have to know everything about uh python and everything just to jump into network programmability and click a few buttons to automate but it certainly helps certainly helps out and that's that's everything with it i think a trend we're seeing now with anything if you're a system admin or whatever learning a little bit of programming is going to help out everywhere and especially with hacking right because like you're a lot of the times you're not you're going to be reverse engineering all kinds of stuff you don't know what you're going to be doing with hacking especially pen testing um so let's let's go back real quick to the the differences between the version 10 and version 11. i saw that uh we had some new stuff on iot and malware and then they also mentioned some stuff on cloud do you know any more about than just the bullet points or do you do you know how deep they're going to go with those yeah not yet i'm going to have to uh i'm going to have to get on getting some of that courseware because that's where really the meat and potatoes on what they want you to know again these aren't different objectives than what they had in v10 but they've said that there's more emphasis and a little bit deeper of a dive into those areas and for good reason i mean the fact that cloud is obviously a major part of our lives nowadays uh malware is a good one because as you get deeper into the red team side of things you're going to need to create your own malware uh because i mean i can't tell you how many times simple things even custom stuff that i built gets popped by av and you're like now i've got to go into some av evasion techniques to help get this the windows defender will kick your butt let me tell you what that's a decent piece of software uh for for that so i give my props out to microsoft for that um i don't know if my thing is keeping up weird yeah your audio kind of went weird for a bit let me see if i can fix that oh there you go that's better now i think the cable got pulled now you were getting live hacked you said something about malware and you're getting taken down oh what's happening what's happening oh it's okay i think a little little wave sounding right now one second kiss the um how about that i think it's better talk yeah all right so this is a fun thing so we just got live hacked and we solved it so that was a little blue team exercise good job that's right we caught them let's get our team out here so i think we pretty cause that's the frustrating thing about um when a new revision on a certification comes out because they they give us the bullet points but they say okay we're gonna go more into cloud we're gonna go more into iot that could be like a million different things they could go into we have no idea what they're going to deep dive into it's frustrating yeah i can't wait to find out though so i i know that i i mean we're going to be doing that course uh in the very near future i'm sure because it is an in-demand certification because of what you can get out of it has a lot of value so a lot of people are uh they go after that certification so i i don't uh definitely knock them for that i think that's a good idea it can definitely open some doors for from a um hr perspective oh ceh that was one of the check marks bam they got it passed to the next round so like i said i think this cert has value for opening doors and giving you some good knowledge if if you get if you've never taken ceh before and you get that courseware if you if you buy the course where you're like you know what i'm gonna buy the course it's three books and they're like together they're about like that thick oh it's a crazy volume of a like super broad bit of knowledge and sometimes i'm i'll be looking at it and just going i can't believe they're going this deep this they want you to know this at this level and sometimes i'm a little like just dumbfounded at what they're and i'm like okay well if that's the road they want you to go down and to me it's like okay what they're trying to do is say this is our secret sauce you know this is our um how we stay uh or or or de-mark ourselves out from our competitors you're gonna learn some things in this and these veins that you're not gonna learn from the others if you go that way so i see that a lot through different vendors so i'm not surprised at that it's just sometimes you're just like whoa that is a i can't believe i'm learning this and now i'm gonna try to see if i can do this so now that they've got those hands-on hacking challenges that go along with that i think that's a really good value add to their certification because i don't ask anybody who's trained anything firefighters police officers whatever military they train something for so long eventually they want to see if they can do what they've been trained to do oh yeah right so i think the same holds true with us as we learn these techniques we're going to go man i want to know if if i tried to do this against something i didn't set up myself and know that vulnerability was there would i be able to spot it and then would i be able to actually perform this and be successful so i like that i think any time you get hands-on you get a thumbs up in in my book now do you think um we're talking about the pen test plus earlier and i i have never heard great things about pentest plus and that's just probably because it's comptia right and comptia is seen as the early early on certifications your and early on career which are great actually so if you're watching this you're like i'm going through a comptia thing they're awesome i got them they started my career but if you as you go more advanced more advanced people will say ah ignore comptia if you got the help desk job you're already done how does pen test plus compared to the ceh um both from a what you learn standpoint and also from a marketability standpoint in your opinion um so i found all right so basing my opinion on the uh obviously pentax plus is very new right it it's only been out for me almost two years now or right out two years and it's significantly cheaper yeah significantly cheaper right i think if you if you put that against uh chv 10 you have a very uh strong competitor there i thought the course material was really good uh we're a comptia partner like we do all the official comptia video training here at it pro tv so i was kind of privy to the study guide and material before that came out so that we could try to be first to market on that with some training for that certification i was like man this is impressive i like what they're doing i thought it was a logical flow i didn't think it was too advanced or uh to you know skitty if if we're gonna use those terms um it was it was a very good introductory and uh examination certification as well as a first um step into that sphere from comptial i thought they did a very strong and then every time i went to a conference like i've been to wild west hack and fest b-sides you know all that stuff you talk to somebody like hey have you done uh pen test plus oh yeah i was actually really surprised at how strong it was i i liked it a lot of people talked to that were that beta tested it i was offered a beta test i shouldn't have the time to do it um and then when i took it i just i just went in there and sat it right i just said i'm just gonna go sit the exam and see what it's like and it was like okay not not too bad they kind of have their own examination obviously you're gonna be doing some checks and boxes here and there you know check all that apply which one of these things is not what you're looking for you know those old fun questions that you get but it was also all right take a look at this log and tell me where the attack is or bypass this firewall what's the what's the correct tool and and what's the correct switches for this nmap scan so they got a little bit deeper they they get some good beat on the bone i was i was fairly impressed with that and i think that like uh ceh has been around for a while so they've they've got a really good honed product they know what to put out they know what people are expecting and now they're having to compete so um i think that when pentest plus came out it was a strong competitor to v10 and now here comes here comes v11 stepping up the game even more because you're not going to get that hands-on stuff with the pentas plus they don't have labs and all that that i know of anyway maybe they do and i just haven't been privy to it but here we are seeing ec council going let's get you in let's do some hand stuff this is not simulation get in there hack a box try this technique see if it works if not what went wrong so i'll be really interested in the next iteration of pentest plus yeah and if they step their game up are they going to add hands-on labs are they going to give that kind of resource to the end user because if they're not going to then they should that would be that would be a misstep in my opinion so let me ask you this question so someone if they're you know looking at becoming a hacker and they have this pivotal point they have to make this decision pin test plus ceh i mean honestly obviously if you're looking at the price alone you're like pentax plus looking really pretty right now um but what should they choose what would be best for their career oh man that is that's a good question and this is just your opinion and people please realize that when daniel's telling us this it's his opinion and he's he has experience in the industry and everything but what we say is not you know doctrine it's just what we experience and your experience may be different so anyways go ahead yeah i would say if you're looking to the i think that if i had to choose one over the other right now i'd have to put my money on ceh and here's why not because the pentas plus is a bad exam or anything like that but it's still relatively new it doesn't have the notoriety i'm not 100 on whether or not it's dod checked out so it very well may not be at this point in time that does take time and effort to get done ceh has those things it has it's a it's a known name it has 85.70 and it's it's comparable in difficulty and skill level that you'll come away with as the pen test plus so right now if i had to put my money on one i would have to say ceh at this point okay awesome awesome so which is is rough because i'll tell you two reasons why i'm not a i'm not a big fan of the ceh just yet now as far as content goes i love the content it's great two reasons i i kind of hate it it's the price because i hate the big barrier to entry and then also that two-year experience check they give you and it's not just like a recommendation like oh you should have two years experience like all these other certifications they make you verify it which i think is such a bummer to people trying to get into the industry i think that that is probably one of their biggest mistakes is that they do that i understand why i totally get it like they yeah they don't want you to go in there and spend buku amounts of money and then fail because you didn't have the prerequisite knowledge yeah i see that i see that that's kind of the push for that and they had to draw a line in the sand and say are we going to require it or are we just going to make it a strong suggestion they they fell on the side of we're going to require because and i think business wise it probably makes more sense because then you don't have a large fail rate and people here like oh everybody fails to see eh all the time and it's super expensive and now you gotta take it again ah you know oh i really should have had that two-year suggested you know background knowledge and i didn't i thought oh i'll be able to overcome that and i couldn't i failed you know they don't want that being the stigma around at least that's my guess right if it were me that would be what i was thinking i could see that i could say test plus does not have value right because if you're like you know what i just want to start learning this stuff and then i'm going to move on to something else then you know pentas plus it's really cheap it's not that expensive at all um i would also start pulling in elearn securities the pen testing student slash ejptd elearn security junior penetration tester certification see i still can't get my mind wrapped around all the acronyms on the elearn side i'm like okay that that's just another thing full of that i have no idea they go crazy with that stuff but man i'll tell you right now if you were to say okay daniel let's let's get your opinion on pentas plus versus ceh versus ejpt i would ejpt that thing in a heart a heartbeat really works second um it was i i kept hearing buzz about it you know people talking about it and saying yeah this was a really good experience it was a really good exam like all right i got to check this thing out i got to check this out i got to see what's going on here it was some of the best it was the exam i never had fun taking an exam before i had fun taking that exam so was it hands-on it was totally hands-on it was questions though as well so the way they work it is is uh they give you questions that only someone who has inside information to the network would be able to answer oh fine okay right so it's like this um it's like the scavenger hunt for hackers right where you're finding all these things and you have to be able to perform x y and z techniques to gain that information so you're doing all that hands-on stuff now don't get me wrong it's not this it's not a ctf it's not a capture of the flag or you got some weird steganography you know uh trick you got to do or some weird logic puzzle that's oh well they they hid it in this directory structure that if you know you know some the greek god of x y and z no it's not that it's not like that like a a weird obscure question right yeah yes anybody that's done ctf stuff is probably going amen brother right this is this stuff is skin it's supposed to that's a game right that's supposed to be a part of a game that's that's a puzzle this is an exam that is fun because of how it's structured it is a very straightforward junior penetration tester level exam they will take you from total beginner into i think they're the biggest competition inaudible security is probably the biggest competition not just for ec council but for comptia for offensive security we didn't see an update to offensive security until elearn security started really winning hearts and minds and then right because i don't know if you're if you knew this or if you remember uh i think it was like a year maybe two ago somebody leaked on twitter the uh some exam answers to the oscp because they had contacted offensive security and said these things are out in the wild you need to update your exams and they heard crickets they said okay if you don't update your exams it invalidates your certification and i'm going to put this on the web and they heard crickets so dump they did and like two days later but uh offensive security contacted them said okay we're going to update don't worry and they took it down it was all in because you don't want to get stale right hacking is something that changes constantly new technologies are coming out old ones are becoming irrelevant right and they saw that that exam was becoming irrelevant and that the technologies and or the exam itself was exposed so it was lowering the value of having your oscp thank goodness offensive security saw that they said you know what you're right we're going to make a change here you kind of forced our hand i don't know exactly what went on with that conversation but that was from you know an outsider looking in going wow this is like crazy to watch and then elearn security comes in and just starts mopping up with phenomenal exams that are not meant to be if anybody's taking oscp they know it's very ctfe they they love to send you down a rabbit hole and make you have pressures of time and why isn't this working i'm running out of time and and a lot of people fail just because they mismanage their time and the pressure of it and they say they're trying to emulate the pressure of a real and time constraints of a real pen test and i get that i think that's valid in some ways but elearn security is like we're just going to give you a pen test you want to use a tool use a tool you want to create your own create your own go do it like you want to use metasploit kick it go for it we don't care that's what pen testers do that and i saw that i was like this can't be real right they can't be like saying this and i actually talked to them and they're like yes we want you to be able to do anything that a real pen tester would do in our exams so that's awesome so i'm i'm a huge proponent of vlan security at this point so i'm on their website now and i'm in alphabet hell i can't even see what's going on uh but i do see the ejpt so that that's the the ceh and pintest uh competitor and in your opinion the winner um yes what would be the equivalent to the oscp or would you say that's an equivalent i wouldn't say it's an equivalent to oscp no i would say that it is a great like if i were creating a roadmap to oscp i would do ejpt then i would do their ptp which is the pen testing professional and then go back and do oscp because ejpt's not quite enough for oscp ptp is well beyond oscp but you kind of get you know but then you'll be able to go back and kill oscp that's been uh the word on the street that's been a lot of people that i've seen uh watching you know people i interact with that are in the space that are going after these different certifications there's been a common um story that they're telling oh yeah i went to ejpt ptp then i came back and killed it on oscp it was like i knocked it out of the box in like 12 hours i was done you know on a 24-hour exam you know you see things like that all the time so it's nice to know like i mean i don't know about you chuck but if there's a certification out there that's got red team written on it i want it i don't care what it is right i want to have all that because i want to know all those different experiences and the exams and see where they're trying to point you to and what's relevant in that space so my job right now is basically learn everything from everyone so that i can help you know joe and sally out there that are trying to get into security on a red team side of things and really point them in the right direction give them the resources that are going to help them be successful and fill that security gap that we have as far as workers go having enough qualified uh trained security professionals in that space obviously uh if anybody's paying attention you haven't had their rock ahead under iraq for the last 10 years or so we know that we sorely need qualified people in that area so i want to help get people you know i think having a more secure uh world is a better thing because then i don't have to worry about my bank account getting hacked i don't have to worry about someone doing uh nefarious things with my identity and then me having to suffer the the consequences of that i don't want that for you and because i don't want that for me i don't want that for you and i want it for anybody else and hopefully that's vice versa it's very symbiotic in this world like in that case well that's great and that's you're so right because i mean it's it's like any other threat we have in our world it's always going to be something new it's always evolving and we always need people that are researching this and anticipating the the bad actors uh next moves they are it's crazy how fast they move and we need to move just as fast and we need more people um a great question from uh uh where to go jimmy he says does it protv offer training for ejpt and ptp and abcdefg we do not offer training for those um courses a i just learned you know basically you know i got my ejpt like three weeks ago or so maybe a little longer um be they have split they are they're owned by ine which is a direct competitor for it pro tv and they're creating their own video training course wait hold on e-learn is owned by ine yeah they they were required they just released that like a few weeks ago oh i see that now when i e was acquired by somebody else too they're they're all corporate company now they're interested in companies yeah they have split off their certification from their training though so and um if they do something like go down the route of becoming dod then they fall in the same um purview as ec council does and we would be able to create training based around that that being said that doesn't mean that we don't have training that would help you in that sphere the whole purpose of me creating that hands-on hacking series is because i kept seeing all these vendors pop up with hands-on certifications oscp ejept ptpt all the abcdefg my favorite one right and i thought you know what would be great is if we just had a tech skills type course where we do hands-on hacking to give you that hands-on experience so i found all the re i i say i found i i knew about all these resources that would allow somebody to build their own lab and do some hands-on stuff follow the bouncing ball with me and we're going to talk it's not just going to be like you know i follow a lot of people on youtube and stuff that do a great uh job of of walking you through things like ctfs oh here today we're going to do x y or z ctf and they take you from soup to nuts i thought man this is great but most of the time it's just okay the next thing i do is this i find this i perform this step and we're on to the next thing it's like one of those video game walk-through guides you used to buy right like that's that's no fun like it's when you get stuck is nice but you shouldn't just walk through step by step yeah right you nailed it what i wanted to do was do that but okay let's camp out here why is this important how did we even figure this out how do we what do we need to know about this to make it relevant for what we're going to do so we can incorporate this knowledge and what i liked about ctfs was they kind of had a built-in story right so we can use that as the context for that and it makes a much more engaging experience and it gives you that that hands-on practical experience that you need for those types of exams so watch the hands-on hacking course and the great thing about it is is that i've i was telling um my superiors i said this is a the gift that keeps on giving for us because new ctfs come out all the time and i just add them and i continue to ask so this is going to be an ever increasing body of knowledge that people can go to and use as oh that's right and learn new skills see how they're being applied and if you forgot something go back watch it again try it again figure out what is he talking about here let me look that up maybe i didn't go into enough detail and i'm i'm trying to tease out all the detail i can inside of that course so that if you are going for one of these hands-on type of certifications you you're better prepared and that that was my goal with it anyway now that that's awesome by the way but that makes this question pop of my mind um i'm fairly new to the hacking world so i i don't know like as far as like applying for a pen tester job or other types of jobs blue teams i don't know as far as that goes how valuable are certifications because i'm not sure if it's like the programming world where it's more about what you know and how you can demonstrate that so do certifications hold a lot of weight in the hacking world or is it more about can you do this etf do they do ctfs in an interview how does that what does that look like and how's that world kind of structured super interesting question because from my experience with talking with people that are looking for uh people to add to their team as a pen tester right so go to these conferences and one of the things i'll ask the vendors as i bounce from boot to booth is okay so you're a pen testing company i train people to learn the skills that you're looking for that they need to be effective and to get jobs with companies like yourself what makes the best candidate what are you looking for right the good news is more often than not i'm hearing a lot i'm looking for attitude and aptitude overall right i heard one guy tell me i think it was from like netspy or something he said i can train you to be the hacker i need you to be but if you don't work well with the team if you're not good with customers i can't train that into you you're either good or you're not and that's what i tell people like my my audience you i've been preaching this to you guys forever the x factor skills you need to have are the attitude right go in you're willing to learn you're willing to do everything stay late study hard whatever demonstrate that and also being able to deal with people customer service is that secret weapon you can have just dealing with people so right now how can you prepare for a hacking job get a job at starbucks and try to make some lattes for people that's what you can do um so but that begs a question though it's great when you get to talk to that guy and demonstrate that but how do you get to talk to that guy what's what's on your resume that gets you through those hr barriers yeah that br that brings us to the certifications is if so i i would i would constantly ask them let's say a person like myself what would you think would i be a qualified candidate i've got a few certifications what are your certification okay i've got ceh pentest plus and ejpt i also have basic skills with creating python programs bass scripting some power shell i understand x y and z technologies when it comes to cloud and networking and constantly that i would i would be confronted with well you can go talk to our recruiter right over there you need to give them your card i'm like well i'm happy where i'm at thank you but you know and those aren't anything that would be out of the realm of possibility for anybody that's looking to get into that so yes certifications are really good for getting past those hr barriers now we have to pad that though it's not this one and done thing it's not like i got my ceh man i'm going to be knocking doors down left and right there's tons of people that have their ceh so what separates you from them it's the extracurriculars that we engage in that are really going to set us apart from the pack do i think you need certifications i think they're very helpful in gaining work in as something like a penetration tester an ethical hacker you're doing vulnerability assessments things of that nature uh with that though i would highly recommend creating your own tools learning you know go through a python course learn some python create a tool i don't care if it does the most mundane thing that there is already a million way better tools for right build a port scanner build something that you know pings a network and finds all the live machines and then port scans them that's great great advice that's awesome it's not going to kill you it's going to make you learn a lot about the language you're not going to be a developer at that point but you're going to have a functional working knowledge of that language and then put it in github right and then go put that github repository on your web page right or on your linkedin on your linkedin yeah get that going now someone goes oh okay not only they have ceh but they're creating tools they know a bit about python there's more to the story than just i went got a cert now i'm ready to go to work right they want to see that you're excited about the field that you've got some competency a lot of people i'm not i'm not trying to knock certifications or anything like that but there are those paper certs out there that did a brain dump or whatever they had to do to go grab certification and now it devalues the people that really worked hard to get that cert and devalues that cert for them so now we've got to raise that value back up by doing things like that right by doing ctfs and write up your write up your ctf put that in the github repository like your github is like a super good way to um get what you're learning and what you're doing and how you're staying active in the community go to i mean conferences now are a little tough because yeah everything's virtual but hopefully within the next you know year or whatever conferences are going to be opening back up but go to virtual conferences get your name on list start talking to people you know like you what we're doing right now people are asking you questions get engaged get your name out there start interacting with the community comment on people's linkedin pages comment on people's tweets oh this is really great let me give back i learned about this resource of have you guys seen this is so amazing and yeah there's going to be a thousand people that have seen that and go yeah i know about everybody knows about that but then there's gonna be a thousand i did a talk at uh i love what you're saying by the way this is what i preach to my audience all the time and it's good to have someone else come in and kind of uh voice uh support of that it's awesome anyways keep going yeah i did a talk at wild west hack and fest and it was a 15-minute campfire talk on uh some resources that were about i thought this is gonna be a stupid talk right this is stuff that everybody's already gonna know and i i don't know why they wanted me to come out here and do this but whatever i'll do it i can't tell you how many people came up to me and said that should have been a main stage talk that was so good i did had no idea that these were resources that were available to me to help me learn if you show that passion and you're going after uh those resources you're doing things like hack the box right you're doing ctfs from valenhuv now real quick real quick so someone asked and i i keep forgetting that with people who are just just now learning about hacking and what it means to become an ethical hacker what is a ctf and what does that mean for someone just getting started yeah good question so a ctf is a vulnerable a purposely vulnerable virtual machine or cloud-based whatever somehow it's a system that's up and it is purposely vulnerable and it's kind of a game for you to like use your skills to figure out some of them are very straightforward they call those like boot to roots so you grab the the iso or you log in to hack the box or try hack me or whatever and you boot the machine there's a straight path to root you have to know the techniques and the tools that you need to use to get to root and you perform those actions and you get root and you get you get like a little flag at the end it's either like an md5 hash or maybe they write something funny in a file and you just cap the file and oh you know there's a poop emoji or something you know and they're fun they're meant to be games but they help you solidify those tools and tactics and techniques that you're learning or already know or maybe need to learn more about to be successful in a way that you never thought that was possible okay now i got to stretch myself a little bit so they're kind of like going to the gym for hackers right that's good i love that yeah they give you a great environment in which you can control you can work with you can figure oh why am i and then go out and once you've conquered that mountain write your write a write up put it out online let's point people to and go hey i just finished xyz ctf some of them are are part of conferences a lot of conferences and in the hacking community we'll put a ctf together uh one of the more uh common ones is the um it's it's during the halls like holiday hacking or something like that from from sans i believe oh cool uh yeah it's it's always a fun one ed scotus puts it together if you don't know ed you need to look him up uh because he's an interesting fellow and he's he's been in this community for a long long time and has mentored i remember reading a book at his back when i was like in my early twenties and thinking this guy is crazy good i'll i'll never be on his level right if you went back and told that daniel that i'd be doing this today he'd be like yo whatever that's that's never gonna happen but it's uh that's what a ctf is it's meant to give you a cyber range that you can build yourself and kind of work with or log into and work with it most of them are usually free there are some pay for which gives you like premium access or things like actually i know hack the box has that true acme has that pen tester lab if you want to get into the web application side of things pentester lab is a great resource and they give you ctfs um continuing down web application bug bounty uh responsible disclosure uh hacker one has a ctf then you've got things like owasp juice shop where it's a a java based environment that you spin up it's a full web environment that's java based and you go in and there's you can you know buy things comment add stars it's just like going to a web store but you're running it on your local machine and you're allowed to hack at it and try all the topics this is part of the reason i'm just falling in love with the hacking world because you know i come from networking and system administration and stuff and we just don't have stuff like this like sure we have great certifications we have great learning resources but we don't really have networking competitions or or all these online things where we can like test our skills like this it's amazing um and it's and one of the biggest problems we have in every area of it is how do i get experience when it requires experience and you know the kind of you know chicken before the egg situation uh it's amazing that hacking allows you to do these ctfs and actually go through the process of actually doing something you can demonstrate your skills write it up and you can almost like someone just comments that i have on the screen now i think many people don't know that these ctfs show experience and doing a write-up is actually something something that you can demonstrate so they brought up the um the emphasis on the write-ups because at the end of the day and most people don't realize this the report that a penetration tester turns into their client is what the client paid for right they didn't pay for you to come in there and be all elite and pop shells as fun as that stuff is trust me it's a high every time you get root or even some shell access of any kind you're like oh yeah man i'm awesome and you feel good and then imposter syndrome kicks back in you're like i'm horrible at this but you know you finally get that root they don't care that you got root they want to know what they have to do to secure their environment yeah yeah so taking those ctfs and being and i actually did that i thought this would be a good resource to people that are using it pro tv so i took a ctf and i thought i'm going to write this up not like a ctf walkthrough but as a penetration testing report right and if you're doing something like oscp that's extremely relevant because they make you write a report and that's what you turn in and that report is how you actually pass the exam so if you can't write a cogent report you're probably gonna have a hard time getting past that exam they might come back and say hey yeah you did all these things but i can't follow that i can't recreate that there's nothing in here about what to do about that what should i be doing so take those ctfs now you get to show not only the skills that you know but your ability to convey that to somebody in a way that makes sense to them that they can it's actionable oh so there was a sequel injection vulnerability that you discovered okay so i need to be using you know prepared statements and parameterized uh arguments instead of um and maybe even like a waff and so because you got to put that stuff in a report and say here are some mitigation strategies that will help you uh close this loophole in your security that is the that is the meat and potatoes of a penetration test and report is that how do i fix it great you found it i mean not so great for me but now what do i do right so that's where penetration testers really show their worth when they're getting paid you know 30 000 for a week engagement so i i know on this side of things on the on this tester side of things they think 30 grand is a drop in the bucket compared to a data breach oh yeah that's cheap insurance compared to having all your pii on paste bin or on the dark web being sold ask all the companies that have gone through that what their legal fee alone was on that stuff right you see it all the time data breach cost x millions of dollars because you know they had a hundred thousand user data records uh breached 30 grand officer seems like a dream come true oh yeah yeah we see that but they don't get that yet until they're confronted with the idea that i'm actually going to have to pay how much gdpr has hit me with what uh that's crazy and we are now out of business right they don't want that to happen so that's how you show them the value in that this is going to keep you out of legal hot water this is going to keep your coffers full this is going to keep your people happy because we're going to help you close these problems you're going to be much more secure for the siege of it and you know what we'll come back next year we'll do it again we'll see if we can't figure out some more issues and get you even that much more secure that's how you show your value to them so if you can do that on the front end so that you can get into those positions to talk to somebody and say man i'm super passionate about getting into to red team security i want to be a penetration tester i want to do that i want to be an ethical hacker cool how do i know you're not just blowing smoke up my my behind right oh well check out my linkedin check out my github check out my website look at my youtube look at look at my twitter look at all the people i'm following this person is active you be active in the community you network that way right the old human networking and man your sky's the limit and you're somebody that knows how to interact can talk i that's probably one of the biggest problems i see in uh and just i t at large oh yeah and technicality of people to have good soft skills and and um you know i said they're looking for attitude and aptitude if you can be the right person for the job and you have the the the ability to learn it and do it they'll train you they're happy to do it and seeing that more often more mentor type roles coming up uh more often than not oh yeah i mean you're speaking the gospel truth here because it's so hard to train attitude i mean there's nothing worse than getting someone on your team who just doesn't want to be there and they make it very clear and they just butt heads with everyone and they don't they don't want to do anything they don't want to do like that that sucks but if you get someone on your team who they may not know everything but man they just they want to learn they have a hunger for it and i don't mind staying late and showing this guy a few things just gal a few things that i love people like that it's contagious um anyways we're gonna switch to a few super chats here that came in uh one from va scratch king says keep being amazing and keep being real and shout out to your special guest so shout out to you daniel uh let's see we got a few more coming in here uh andre hall says love the channel um we got a question here from d fury let me throw it up here on the screen real quick and it's up there and i'll read it right now since i've been out of out of the it field for 10 years due to an illness i'd i'd like to start taking exams i have overwhelming anxiety that i will fail how do you deal with failing exams and failure in general now you kind of just touched on that daniel um what's your advice for d fury yeah d fury i'm gonna start off with saying i totally get that like i was like did i write this is this i don't remember putting that in the super chat uh because i i get so anxious going into an exam uh halfway through it i'll always be like i'm failing i've totally failed this i i suck at this i am not good at this and i'm always surprised at the end was like oh you passed with like 90 i'm like how did that even happen there's no way i did that this is this computer is mistaken so i totally feel that anxiety i get where you're coming from what i've learned from that is that i i didn't fail right i'm going to start quoting i think it was um thomas edison uh he said i didn't fail when i was trying to create the light bulb i learned ways not to create a light wall right and that is the idea that's how that's the switch we need to flip in our brains so that that anxiety does not overcome us right and that we're able to then control it because we realize okay this is a game and i'm going to win right if i gave you the new halo game or call of duty or whatever i love that you are going to fail hard in that first level right the first level is going to kick your butts and then the next time it's not going to kick your butt so bad the next time it's not going to kick your butt even less the same thing when it comes to these certification exams is don't be afraid to fail right think of it as okay i'm going to know exactly where my weak spots are and maybe if you treat it like if i go in there or if i approach this i'm going to get the x certification i'm going to approach it as i expect to fail that first time okay how much does a cert cost all right so i need to budget that i need to plan for that as money a lot of certifications now especially on the red team side of things are you pay x dollars for the the course and the exam you get a value you get a retake voucher for with that that's awesome that's awesome free retake voucher that's perfect yeah cause like i can't tell you how how many times i have delayed my exam right one time two times three times because i was afraid and they're not cheap and uh i'm fortunate now to be able to afford a retake every once in a while but back in the day when i was being scrappy trying to fight my way up that's that's difficult man like that's well i'll take it in six months i guess i mean that's that's rough i love that they do that yeah totally uh oscp was um it used to be like 60 bucks for a retake i think they doubled now it's like 120. it's nothing like i'm not gonna blow my nose with 120 and throw it away but it's not the full retake price right so now all of a sudden failing my way forward seems like a really good strategy because okay well maybe i get a free retake voucher to go with this okay and you start well i guarantee we're going to see that being standard to get a free retake voucher because that's what people are looking for i need to be able to go in there and find out what i don't know well enough and there's only one way to do that and that's take that exam and go okay advice i am weak on x my enumeration is not where it needs to be i need to slow down i learned because i failed this exam that i i need to make sure that i'm methodical i'm not going down rabbit trails i'm hitting every versioning thing that i can finding every technology looking for every i have a method to that madness i need to get better at that then go back take two three weeks hone that craft go back in and then you kill it right so i always try every time i can is to say okay is is this going to be outside of the realm of possibility for a retake are retakes cheap are they in come with the price that they are that's really enticing to me because now i've got that breathing room so look for those those vendors and reward them by taking their exams right their competitors are going to see that they're losing market and go what are they doing that we're not doing and if the the shout from the masses is free retaking vouchers they're gonna go okay well then we need to work with price we need everyone right now i want you to do this right now go find your favorite vendor whoever it is cisco microsoft whoever make sure they have retake tweet at them let's let's get this this out there i love that because that's the best advice i either budget a retake or find people that do that because that's the biggest fear i always had through my career and it's funny the moment i was comfortable with failing something which was you know once i was further in my career and i was not afraid to fail that first time i ended up most the time and you would expect this passing that first time and i didn't feel ready but i actually was and that happens more often than not yeah it's crazy so you go in there like i got nothing to lose i'm just gonna fail this one i'll pass the next one but you actually knew more than you thought so yeah having that freedom that parachute is vital right now we'll see how you give yourself the freedom to uh to not second guess yourself right yeah because you're not going yeah i need this point i need these points it could be this but oh my you know if you think of it this way it's this one i'll check oh it's the wrong one and we're 20 minutes later on the same question and you're around the time like that that kind of stuff sucks man so now you get to go and go i'm going to straight up fail this like a boss and you're like click click click click click click click click oh what do you mean i pass sweet right so it just removes that anxiety and maybe you do fail and that's an expectation that you set for yourself i expected to fail i don't feel bad about it because that's what i went in there to do i just wanted to learn about the exam i didn't go in to pass it if i did sweets but if i didn't that's part of the plan you know a lot of it comes down to how you set your own expectations what do you expect to do when you're in that exam booth if you're expecting to go in there and hammer it out one and done okay that's fine but that could push a lot more pressure on you but if you can find those certs or you can get those vendors and a lot of vendors even if they don't offer as a policy free retakes a lot of them will have promotions where hey if you buy the certification now you get a free retake jump on that like flies to honey because that right there is going to help you be successful because then it does remove that you're like yeah but if i don't re if i don't need the retake then it wasn't worth it no it's worth it you got the exam it's totally worth it right so absolutely yeah and jump on when you see him great advice all right i got a super chat from pete jarvis uh easy one what was the online education training you did again looking it up as i want to do this also and i think he's referencing your training it pro tv um that's what it is itpro.tv and you can check out daniel's course uh on the ceh and you'll be doing the ceh version 11 probably i don't know tomorrow right it'll be ready tomorrow yeah i would love that to be ready tomorrow uh like i said if you haven't seen the courseware huge right like this big uh tons of pages thousands of pages to go through uh on that but i i don't expect it to be a huge lift for me but i'll need to see where they've uh shift emphasis your focus so i've got a couple other things on my plate right now but i do expect in the very near future to be uh tackling that and putting that in the library good news is i would if you have an i.t pro tv subscription you get cehv 10 and when chv 11 comes out that comes right along with it so it's not like we hem you in to where oh you only bought cehv10 so i'm so sorry you get everything in our library so if something doesn't make sense you're like man i'm not like checked out on these networking concepts go check out ronnie and anthony on the cisco stuff or watch a network plus or whatever you get everything we have in our library for whatever the subscription cost and i think for i think we're like 29 bucks right now for a monthly subscription yeah you're one of the most competitive offers out there which is awesome because like there's a lot of expensive options out there which i'm pretty familiar with and you guys are awesome well we appreciate you know we say around here we don't want price to be a roadblock to success for our customers right we want to give them great training and we want them to be successful that's why we got into this business i've known just about everybody in this building for oh my goodness what am i going on 15 years now right i knew tim and don back and i met them in 2004 and we all just became really good friends and one day they called me and said we're thinking about starting this business and we want to be the trainers we wish we had we want to give the content we wish that we had gotten when we were coming up through this stuff and i thought that's a noble cause right there and it sounds like a lot of fun because you guys are a hoot and i enjoy your company so you know i was happy to come on board and we have a lot of fun around here and we take the our our our members seriously in their learning career we want them to be successful it's why we spend time in like our our forums you know people posting our forums i check those forums every day for something relevant to my vertical so that if i can i can answer it for them and get them more successful that's just a part of the package right that comes with being an i.t pro tv member i mean geez our free you can come in and watch us live on on the live stream and watch us make mistakes and go oh why does that sequel to injection not work to ah it's because i put a period that's what's cool and i i admire you guys for is that they do their their training live like you can go watch them screw up which is kind of uh voyeuristic and fun um that that's and all the stuff mentioning doesn't bleed through into the trading it's fantastic i really enjoy it so thank you for doing great stuff with that um super chat from richard dalton it says i have the cysa plus and trifecta i'm enjoying the linux plus and pen test plus from it pro tv adam g told me to go after the ca sp memory in acronym hell right now after those what are your thoughts on the ccsp after the casp the ccsp okay yeah now i'm in acronym hell so those are definitely uh so adam is kind of like the yin to my yang oh when it comes to security adam's been around the block many many many many times right i'm not trying to like disparage his age or whatever he just has a a ton of experience on that blue team side of things he has been all over the world he's worked for microsoft as a security expert and teaching what they need to do right i can't tell you how many times every now and then me and him we'll get paired up and we'll go to a conference and oh my goodness it almost gets annoying because we get stopped like every five minutes someone going you're adam gordon i got my cissp because of you man i watched your training it was awesome like dude this guy is the bomb when it comes to cissp like everybody took it out of gordon course and got cisp so that's kind of his his uh strength my strength is that red team side now i do do casts not casper i'm sorry uh sisa plus as well um and i'm i'm probably gonna have a few more blue team leanings uh but it's gonna be more of that hands-on type of of certifications and things in there i don't know what i'm going to go for quite yet but i have that on the horizons as far as my uh hope to do kind of thing to put in the library for us because i think this would be a strong thing for us to have for our customers some hands-on blue team i'm going through some stuff right now hopefully you'll be able to incorporate that very soon but um as far as like casp ca casp is like a strong technician blue team technician that has some managerial that's starting to like i know says i'm not say something but uh comptia doesn't bill it that way but that's typically what i've seen when it goes away it's like i want to go more manager so that's when you start pushing into cissp uh ccsp chuck you're gonna have to help me out with that acronym do you got the you got that one i'm not checked out ccsb i'm gonna google that right now because i have no idea what that is is it cloud no that's oh yeah no it is it is it's the cloud security certification i think maybe that's cssp yeah oh no hold on hold on right i googled it it came with the wrong thing it was a cisco example ccsp i don't think it is um yeah yeah it's a cloud security it's from the is uh isc squared yeah okay i think i actually did that show with adam a while back like a long time ago so it is things i've noticed about most blue team type training like i'm securing they they emphasize so if it's a cloud-based certification emphasize doing all the blue team security stuff but inside of a cloud environment so right that's that's kind of how that's going to go you start getting like the cissp doing all the blue team security stuff but as a manager how you need to know what you need to know uh that's why that exam is such a beast because you kind of have to have a pretty wide breadth of knowledge so that you can manage teams that have the deep knowledge on those topics but still have that conversation with them and then push that up to the c-level execs so they can make informed business decisions about a corporation so um that's why you see that that way and he has a lot of experience in that realm i'll probably end up getting my cisp one day hey just right now i don't have the time nor the inclination to go down that road because i don't wish to be i i have way too much fun doing hacking stuff to to be enticed by by uh understanding the five steps of instant response you know count me out i have no no ambitions to go for this iss know these 12 steps in this order oh goodness gracious i mean it's definitely like you'll you'll make money with that certification you can demand a salary but boy you've got to love it because that's some dry stuff for me i think the average salary for cisp is like two or three hundred thousand dollars a year so tons of money but you took a beating to get there right yeah it's totally worth it if you get that cash though all right so we got a uh super chat from it career skills he has a great channel he used to partner with uh it crew questions um zach over there just love what you're doing network chuck you rock too daniel so thank you so much just good kudos out there got another one here and uh we'll probably end soon because i don't want to keep it too long daniel i know we've been going for a bit but we got one we got one from pete jarvis i think yeah another one from pete jarvis so would you guys say these types of certifications are gaining exposure because we're seeing way more people are becoming certified huh good question um i think that they're gaining exposure maybe not necessarily because more people are becoming certified i think more people are becoming certified because they're gaining more exposure i think it's the inverse right so i think that hr teams are becoming aware of these certifications and because the i.t people that are in the know in their organizations are asking for that on on job postings so because of that they're getting more exposure and people are going i don't even know what that is now to get on the googs and they go oh okay uh i mean i remember going down that road i remember going what is g pen you know what is this what is that speaking of which real quick uh small diversion someone asked about g pin it's it's do you do you call it g or just giac what do you think yeah okay okay what is that and and why and how does it compare to the ones we talked about today so that is sans uh institute that's their certifications that they they're through the giac okay and those are super expensive ones right yeah so the exams are expensive not only the training is expensive but the exams are expensive uh interesting but listen i've met tons of sans trainers great people smart you know just geniuses at what they do know that stuff backwards and forwards worked in those spaces ex-dod contractors ex-military xnsa you're definitely getting the cramming you're getting your money's worth out of sans training i can't i can't like disparage sans training it is the tip of the spear right my goal in life is to give you as close to sans training as i possibly can for 30 bucks a month i i don't i think with some of my training i i come close i actually do the training we have at it probably tv we have g-sec we offer g-sec 85-70 compliance certification so if you want to take it's like a 12 or 1 300 sit just to sit the exam but if you got it pro tv i'm gonna help you out with that good news is they allow you to take in handwritten notes and an arms full of books as a research it's an open book exam um yeah you it's weird as many books as you can fit in one arm they'll allow you to take that into the exam booth including your own handwritten notes so i don't know if that makes the exam crazy easy or it's just really really hard if they let you do that yeah i i opted not to sit the exam just because i'm like it's from the objectives and everything and mike that that works here he actually took that exam a few years ago you know he was interested so he took that exam and i and he was he was that's what it was he was teaching that course before i took over as the security like vertical champion and uh he started shifting his his gears more toward the microsoft side of everything and being our microsoft champion um and he was like it's it's basically security plus oh well okay but for 1200 and or 1300 and it's open book so i thought okay i don't know if it's i i i'm pretty checked out on all that information and i try to do a really good job of like again i'm i'm thinking the people that are taking that training i'm thinking eventually they're going to want to do some of this stuff so i always try to back this stuff up with hey let me show you that let me let's not just talk about that let me kind of give you some practical experience with this even just a little bit it might not be a deep dive but hey it's going to be it's going to be a you know hell here i always get a sql injection because it's something most people are kind of familiar with and aware of it's not going to be that one equals one we'll do that but let me dump a database onto a website for you real quick so you can kind of see the impact let me let me get shell access because i had write capabilities through a sql injection you don't have to know how i did that but you can see that oh this could be quite devastating and now i understand that avenue a little bit better because what i want to do is set the bar just a little bit higher than what they're expecting so that you have to reach just beyond your grasp and if you reach that bar and pull yourself up man you're i'm hoping at that point you're just super equipped to go sit those exams that you paid good money for and are successful i want my i want the people that are watching my content to be successful so i'm doing everything i can to make that a reality that's awesome speaking of which where can people find you if they want to follow your your musings my musings i'm pretty active on linkedin right now i i i like linkedin because it's professional twitter tends to be a tire fire so i a lot of times i'm just i just stay away from twitter i don't i used to tweet back in the day and then i just saw it was this big old mess so i didn't like that about that community so i started looking for other social media found myself on linkedin and i like linkedin a lot it's it's a great way to network with other people meet people in your sphere i love to see when people are like hey covet cost me my job and i need some work anybody in my you know connection sphere helped me out and people just rallied to those cries hey look at this they they point them to jobs that are open or they point job um uh employers to hey have you seen my friend here on linkedin you need to check them out they would be perfect for you i love the the building up always giving you something either inspirational or educational or that's a part of something that you're interested in it's a great community so i really like linkedin as a social media for doing i can't tell you how many cool tools i've discovered certifications resources just through someone going hey just saw this over here are you guys aware of that boom i don't know what bloodhound is what is that oh this is cool you know and yeah lincoln's awesome yeah speaking of which i put uh daniel's linkedin in the chat so if you want to go connect with him he might accept your request i don't know i i will accept your requests all right he said it he said it yeah i i will do it awesome uh we got a chat from jaspel or jaspal i'm not sure how to say that he says um a great question i'm curious about this isn't there a way to get around the two-year experience for ceh is it can you do it by taking the official ec council training are the pros and cons of going that route i think that's the way you can right and do you recommend that i think you i now you say that it does ring a bell that you can get around that's um the if i'm remembering correctly they make it wicked hard for you to get around that because they they really don't want you to do that they want you to pay for their stuff and you know i can't i can't knock them for a warning right right but it's just how they feed their families and put you know clothes on back some foods on tables i totally get that so um we can have a debate on whether or not their pricing is right but i totally get that they want you to pay for their stuff they offer a product and that's what they're selling uh so yeah totally get that i don't knock them for that at all but like you like i said now that you say that it does sound familiar if it is in there they bury it that you got to go around the bowels of ec council's website to find that stuff because i'm now i'm starting to remember looking for that because i think somebody mentioned that me before and i was like okay let me look around here and i i probably knew that web app better than my own you know but before it was done i was like oh here it is that that's ringing a bell so i want i want to say tentatively 75 sure that you are correct on that but don't hold me to it cool is there any uh benefit to just going through the courseware and uh and gaining getting past that two-year requirement that way or i get i'm trying to figure out how to ask that question i guess it doesn't really matter because like what you said before the requirements of prereqs to ceh is that you basically have a little bit experience in i.t um you have security plus knowledge and such do you think you need two years experience at it to take the ceh so some people don't honestly i think that's legitimate like um some people are just really really adept at i.t and they see a concept they read about it they understand it they they assimilate it and they can practically perform it and they can do that in a very short amount of time i totally understand if they want to bypass all those restrictions because they know themselves to say i'm pretty good i think i could probably handle this i don't need to have two years in the field to be successful here so i think that's probably if if ec council does have that caveat that's probably why they allow for it but i have seen a lot of people so this this goes to something i i'm glad this kind of get brought up a lot of people want a shortcut to the finish line and i totally get that right i i am that person like cheat codes are are there for a reason right on your favorite games because i just want to beat the thing i just want to experience the game and have fun with it and then set it to the side or whatever so i get the idea of wanting to take a shortcut to the finish line i don't recommend that and rarely rarely is that the case that you can do that right so if they say two years pre-rex it's it's a it's a good i think that's a solid idea that you know about microsoft you know about linux you know about networking you understand how operating system works you're good with permissions basic security functionality within those environments and then some some web you understand how websites work how http works uh all that technology that kind of builds that a basic understanding of methods get requests post requests what's going on in there understand the the some scripting you're you get that knowledge from being somebody who does it for a couple of years you'll you'll really quickly find yourself uh with that experience after a two-year stand uh at any kind of i.t job even a help desk honestly get a lot of experience on a help desk especially with dealing with customers so that can always be a really good first job for it so like i said i get you wanting to go and just say i just want to bang this thing out and go get that cert i get that mentality i don't recommend it for most people generally yeah and i think that's pretty good advice because i mean you can become too cert heavy without experience and that looks really bad on a resume if you are rocking an oscp or something but you've done nothing in it before um so yeah definitely want to have that experience before you jump into something like that uh daniel do you have time for two more questions i want to keep it too long okay you're good man you're good so real quick this is my question it's just a shout out uh he says hi this is charlie stuffins hi chuck from 23 just getting started it world just wanted to say thank you for all your help thank you charlie for the super chat all right so here's the two questions one was a super sticker from anthony saquera so shout out to anthony nice um and then here's jonathan pakey i think it's how you say it let me throw it up here find it on my program there it is he says uh i'm in my last year of a cyber security course and i graduate next year would you recommend getting any certifications before or after graduating to help find that uh job in cyber security in the uk ah that could definitely be a good one-two punch if you've got a cyber security degree and you've got a certification to go along with it you're going to put yourself above the pack that only has a degree or only has a certification so you know i i talk a lot about uh to people that i interact with about whether or not degrees are um worth because they can they're super expensive right you're going to school especially here in the u.s a lot of those types of degrees are offered through private technical schools you know we all know about these online colleges things of that nature a typical four-year school uh probably won't be as expensive as one of those schools because of their private nature but you can spend 40 grand real easy on a four-year degree at one of these schools and then be in massive debts and and hoping to get a job uh depends on the school obviously on whether or not they have a good program but if you got a good program you got a good degree you got some solid skills man you should be able to go in and and tackle a good cert like oscp or something for meal and security and you have that one-two punch and people are going to be probably knocking your door down to come have you work for them um because that's do you think that uh because i i again i'm still new to the hacking world but do you think that a degree like a cyber security degree by itself is enough without certifications or do you think the hacking world honors certifications more than a degree um because because because i mean certifications like we know what they cover degrees can be so wide and varied right we don't know what that degree program covered that's that's the thing and that's where you're gonna need to like i think in in it we all kind of know like chuck you didn't have to go to uh college to understand networking you can just start getting cisco courses and go to cisco academy and all that other good stuff and and start learning about that stuff you need a college degree look at look at millionaire bug bounty hunters right like 16 year olds and 17 year olds and 18 year olds that are making a million dollars a year discovering bug buyers they don't they're not out of high school yet and all my audience goes what do they just say bug bounty i'm googling that right now you know these are these people are killing i'm not don't get me wrong that is uh that's the exception not the rule to bug hunters uh but people that do bug bounty hunting can make a decent living and they work from home they set their own hours they have a lot of fun it's a great community um and you get to hack on like yahoo and google and you know tesla and all these people yeah tesla pick your poison they and their dod the united states department of defense has a huge scope anything with a dot gov dot mil is open scope right right go go start hacking on those programs and they you know of course read the responsible disclosure form before you start getting crazy uh to understand what the rules are behind that but they basically say if it's got a dot miller.gov on it go for it and because we want to know where those holes are so you don't have to have a degree for that stuff you don't have to have anything you just got to know what you're doing you just got to know how to find a cross-site scripting uh exploit or a vulnerability and exploit it and be able to write up a report that says here's how i did that and interact with somebody on the other end and be able to be patient and wait for somebody to go this was a duplicate we already know about that and you go no no yeah that does happen i work so hard yeah work so hard to find this and they're already working on i don't know that does happen um but it that's that's all real world stuff because that is the real world and you can just go go crazy you don't need nothing just get just get into it um so it just really depends on uh where you're trying to get into if you're trying to be a penetration tester and work for a company like trusted sec or or something that effect that's going to be where they'll look more heartily at what your your degree was in what the program was like they're going to want to see some of the courses that you took and what was involved in those courses so that's going to come in you being able to write a really good resume and put that pertinent and relevant information into your resume so that they understand oh this was a good course versus we learned about operating systems and you know some of them are kind of weak um yeah jonathan actually followed up with this statement he said in my final year we actually performed a simulated pen test similar to what the ejpt sounded like so it's quite practically intensive so it sounds like he had a pretty good degree program that he could probably throw onto his resume yeah i would totally um like highlight that in my resume and say this was a really good experience we did practical hands-on stuff i was a part of you know my capstone project was hacking alive environments and we found bugs and it was fun it was we did this in xyz i demonstrated these skills in that environments i was able to successfully perform that maybe take your project put it in your github so that they can have an easily accessible place to see what it was that you did in those environments and go oh yeah this was no joke they they actually have some skills they might be a viable contact and of course that personality that comes through because again you might not be the greatest pen tester quite yet or ethical hacker but man you really fit the culture and you seem to be a really good fit for the team you got a great attitude you're hungry you're humble they see that kind of stuff man you're like a you're like a diamond out in the middle of you know the sand and people are like i can see that from a mile away i i want that it's attractive oh yeah culture fit i mean even if you're going up against like the most certified like 20 years experienced person but your culture fits above theirs you win you win because they can train you they can train you to anything but culture if it's so hard to train on i mean you really can't yeah i sat a talk it um from deviant if you don't know who that is just check out uh look up deviant and he was talking about what makes the best you know or employable person and he was like you got three tiers of people you've got that guy is awesome or that girl is awesome that person is awesome then you got yeah yeah they're pretty good and you got uh how do i put this um screw that guy yeah forget that person i'm keeping it pg here uh he did not so be aware if you look up that talk and it was a really interesting idea because he's absolutely right you don't have to be that person who's awesome you just don't want to be screw that guy right and a lot of people they get kind of full of themselves they get puffed up with their skills and they can be really amazing but nobody wants to work with them no no i don't care how skilled you are if you're a jerk um yeah you're not work gets around yeah yeah where it gets around in this community word gets around you're not going to keep a job long because someone's going to go hey do you know so and so because that's how jobs are really gotten a lot of times it's like oh so-and-so set my training course or i met them on twitter and they were really receptive or they you know they were on linkedin they were all constantly posting things and they they requested a connection with me and i accepted and they were just it's always pleasant to interact with and i can see their skills are growing man they're posting this or posting that have you looked at i know you're looking for a junior pen tester you should check that person out they might be a good fit for you that's the that's the way you really build that's how you network in this community and get those jobs you got to have the skills to back it up obviously but as long as you have the basic skill sets that they're looking for that attitude will win you out every time over someone who's a snob about what they can do because yeah so you are awesome but you're also screw that guy right and i don't want to have any part of you yeah and it's funny uh a lot of people who are very very smart just kind of are that way like not every one of them but like when they when they're in in god mode and they're in boss mode they don't have to compensate with you know having a good attitude would be nice to people they don't have to they just they can be a jerk because they feel like they know everything and that should be encouraging to people who maybe don't feel like they're a genius or that guy over there is in the matrix 24 7. i can't be like that guy well you can overcome those obstacles just by being a cool person by networking by making sure every interaction you have with someone is intentional like yeah pretend that when you're talking with that guy like that could be a future job opportunity so make sure you have a good interaction with that person i i think of it as like there's there's a little switch in our head that we need to flip when we have that problem i was guilty as charged as that right i was thinking i know this just get out of my way let me do the work oh you know my users are so stupid they are always causing me issues like that's my job i realized my point is to come here and help them and we're on the same team right so let's let's join hands instead of this us me versus them mentality i decided to turn around and go i'm going to come up beside you and i'm going to help you and i'm going to be there for you because you don't know this stuff i can't blame you for doing the wrong thing when this isn't your specialty it's just not what you do this is what i do that's why they hired me to come help you when things don't make sense to you or you've accidentally done the wrong thing and now we need to put a fire out nope no problem i'll get you there we'll get there together and then you'll get back to work and you get to killing it because whatever you do for this company pays my salary right that we're supporting each other so once that switches in your head and you get rid of that us versus them mentality and that tribalism then all of a sudden you realize everybody here is in the same tribe i need to help them and let's do this together all of a sudden you become that person that's like they're really good i want to talk with them when i need help i want them to come and help me because they were they didn't make me feel stupid they didn't make me feel like i was the worst thing in the world because i made a mistake right they understand that people make mistakes we got over and i was back to work and it was no big deal and maybe i had to do some security awareness training because i accidentally clicked the link in an email that i shouldn't have done but now i know not to do that and i'll probably do it again one day so i'll need some more training again down the road but you know i know they're not going to bite my head off and that they understand that people that's the that's the attitude that you guys need to have out there and that's going to make you i mean i would be beating down doors for people like that if i was running a company and i needed pen testers if you can interact with that that way with our clients and to make them think we're coming in here to help you we're going to make you as strong in security as we possibly can be we're going to work with your team we're going to make them feel like they're in this together with us and we're going to make you secure we're going to keep your customer data safe so that you don't have data breaches and your bottom line is going to flourish because of it oh man they'll probably fall down prostrate in front of you and go oh thank you great savior of i.t you know that's the kind of thing that you want out of them and that's the way to get it all right so write a resume guys just not a jerk you'll get hired just like that no don't do that please uh so we got one more question here uh and this is kind of a tough one i want to get your perspective on it it's from roger marin or a marine he says i'm 58 last year i completed my uh bachelor's in cyber security with 18 it certifications which is super impressive seven of them are security do you think i am being high i'm not being hired because of my age so he's having trouble getting hired he's got all this stuff going on what's your opinion on that well that that seems like a story that needs a little more context yeah i would agree a little more context yeah um i i don't necessarily think that like i haven't seen a lot of ageism again people are hiring for aptitude and attitude right if you you obviously have the aptitude you got 18 it certifications you've got a degree i don't care that you're 58 man you obviously can do a job so i would want to take a look at what you were applying for um and take a look at your resume i don't know how many interviews that you got out of that but it just seems like you probably just need to network more you gotta you gotta expect to not have everybody think you're awesome or even oh they're all right because they don't know you right you've got to build that trust with somebody that you don't know so maybe uh hiring a professional to go over your resume and make it as as tantalizing as it could be to a possible hiring organization then of course you got to go in you got to kill it when it comes to the the um interview the interview process is extremely important getting past hr is one thing but if you get in there and you say the wrong thing or you have the wrong attitude again i don't know you from adam's house cat so i'm gonna assume you're a good person and it's your cool because you obviously got some really cool skills and you're passionate about what you're trying to do so i would i would want to see how you interact in those one-on-ones to to give you some critique that that would be something you would need that that hands-on one-on-one uh to try to figure out where your weak spots are yeah that's good i i would say like um like being 58 and and just now getting all these certifications and your degree it's ageism is a real thing right and it happens yeah and what you're going through being 58 and having that that skill set is unusual but it doesn't mean you're any less of an engineer jumping into that role so i think maybe like what kind of daniel said you need help with your resume to kind of help tell the story of why you are where you how you got to where you are because like you will not and you're going to be great in any role you go into but you have to be able to tell well why why are you 58 just now getting into that because it's unusual doesn't mean you're not going to get the job but it's unusual so i i saw there's further context in the chat we saw i think he was out of work for eight years taking care of family which is a noble thing and it's awesome but you have to be able to explain okay what was going on there's got to be something on the resume some way to explain that which can be hard because you know resumes are supposed to be very professional very this and that but at the same time you got to be able to just tell that story about how you got to where you are where your passion comes from now i made a linkedin live stream a few uh months ago kind of helping people to linkedin stuff and that was part of the story or part of the advice i gave them was uh your linkedin needs to be a story about who you are what you're passionate about and how you got to where you are so if you're 18 and you're looking to get into cyber security it should be no different if you're 58 you got to tell people tell them what you're excited about display your passion have that attitude have the aptitude like daniel said beyond that it's what daniel gave advice for as well getting that that hands-on face-to-face with people being able to explain yourself and kind of get the practice to figure out why hey why what's going on why am i not being hired can i get some hr to like help me understand what's going on hopefully and i'm assuming the best in a lot of companies that ageism isn't going to be a thing for most people but it does exist and that sucks but i think if you can step in and demonstrate your skill set most people will not have a problem with that yeah you know i i see that on linkedin a lot where people are just like don't underestimate giving somebody a chance you know be that person that says you know what i'm going to take a chance on you so hopefully you know the people that are out there are hiring are hearing this and seeing this and other avenues as well and going you know what i'm i'm not gonna go crazy on this guy's age or whatever other circumstances may be odd or different than what i'm normally used to seeing let me let me just kind of talk to him for a second and see why that might be the case and just at least give him a chance to explain himself so hopefully that becomes the case the other good news is that a lot of times when i go to conferences they have that training they have someone there there are a lot of great podcasts out there in the security space that will help you with that just check out black hills infosec they got a great podcast as well um that talks not only to some of the technical aspects of what they do because they're pen testers right but also some of the resources that can help you in that i think it's um his name is jason he talks about he has he has a specific podcast where he talks about what you can do to kind of make yourself look good and and how that works i've i've been to conferences where there's somebody there and you're like you know what i get to schedule time with this person sit down with them with my resume and they're going to look over there a professional that looks over resumes talks to you teaches you how to uh perform well inside of an interview and they kind of walk in they give you that hands-on it's all included in the ticket price of going to a conference which typically isn't that expensive maybe if you got a fly to it that can add to the price but these are investments that we make into ourselves to be successful right yeah there are a ton of free or i'll say value i think that's a really good way of putting it valuable training and things that you can get out there but some of it you're gonna have to spend some money you know look at some things in your house and sell it like sell everything that's not bolted down make the kids think they're next you know like and take that money i've got four of them i can really do that yeah yeah yeah and then invest in yourself right that's what you're doing you're investing in your own future and it's gonna pay out you're gonna get a return on that investment when all of a sudden hey i just got my first pen testing job oh man now i'm a senior pen tester i'm making 150k a year that's a pretty good salary and that's not out of the realm of possibility in a very short amount of time you can probably within you know three four five years be at that senior level making that senior money and you're doing something you're passionate about you're having a great time doing it man that sign me up right that sounds awesome so yeah you're gonna spend a little money on that back end but man that that future you is going to thank you for doing that and believing in yourself enough to say i'm going to take this money and man i'm going to put the nose to the grindstone i'm going to learn what i got to learn i'm going to do what i got to do i'm going to stay up late i'm going to get up early i'm going to stop watching so much tv i'm going to learn a new hacking technique instead and i'm going to put something in my github i'm going to post on linkedin i'm going to do these things instead that's that hustle man and if you reach it preach it's you're gonna get noticed you're gonna get noticed and people are gonna want that hustle as part of their team because they see manis dude's got a fire i need that fire i needed to catch fire inside of my other team members or be a part of the fire we already got going you know what i mean that's the kind of thing they want to see when they see it is sky's the limit yeah you're you are speaking the truth man like that that's why i t is amazing because you really have that like no limit and if you come in with that mentality and you're hungry and you're you have that drive i always tell people getting into it is kind of like a life hack because you can go so far so fast if you just put your nose to the grind a little bit it takes investment and it's not easy but you'll get there faster than a lot of other careers and you'll make more money than a lot of other careers so much faster it's insane and it's it's just a it's a life it's a cheat code in life this is what it is and it's awesome um but anyways uh daniel i don't want to keep you too long i'm going to end it here um guys if you want to follow daniel i'll post his linkedin right now that's his uh social media of choice you know what and that's perfect because you know most of us are trying to get jobs and figure out how to break into the next thing so go follow daniel i'm sure he posts awesome stuff um and if you want to check out daniel's training which is awesome i'm using it in my journey to become a uh ethical hacker and uh his ceh version 10 course is awesome so link below it protein it pro dot tv and um anywhere else we can find you or linkedin's like where you want to be found linkedin is my space of choice so that's where i hang out of course if that ever changes i'll make sure everybody that's uh following me knows all about that uh but that's that's the best way i do have a blog post our blog uh on our website as well on itprotv i think it's blog.itprotv.com and then you'll see some of my stuff there i i need to get better at posting in there but i try to make everything that's in that blog something worth looking a lot of times i'll put ctf write-ups or just uh interesting experiences that i've gone through to try to again give back to that community but i'd love to see some new faces on on our training site and start to interact in our forums and things of that nature because it's just so much fun i'm really passionate about um uh hacking i've i've wanted to do this ever since i was a kid ever since i saw like war games oh yeah this is awesome you can you can do that you know then you see sneakers and and hackers and stuff is as ridiculous as that movie was it was really inspiring and you got things out there like now like mr robot and stuff that really bring that to the forefront and make people it's interesting and it's funny is you think oh that's hollywood and there is some some dramatization to it but in real life it is that much fun and is is a very addictive thing so i i love it so if i ever change anything i'll let people know and let and and so they can follow me around well that's that's good to know it's and guys like you want to go follow daniel because you want to follow people who can keep you motivated who are passionate about what they do because you need that and learning this stuff is not easy uh it's definitely fun and exciting but it's not always fun and exciting you're gonna hit a time where you're frustrated you can't do something or maybe you're hitting a boring rough patch where you're learning theory all theory and you want some hands-on you want to just kind of switch and do something cool that's why you got to follow a new arc of people in this industry that's where that's where you maintain your your motivation and your excitement um anyways daniel thank you so much for coming on and telling us about the ceh version 11 and also just everything else about hacking you've been so awesome and generous to just give us so much advice so thank you so much and uh any passing any ending words of wisdom at all or yeah i just thank you for having me on it was an honor and a privilege to come on here um i've i've watched your stuff and i think it's great so keep up the good work i appreciate that and if you if you're out there and you're thinking man cyber security seems like something that i might be interested in you probably will be because it is very interesting work so take that take that initial spark and motivation and run with it and don't ever drop the ball you know just just keep going plow through roadblocks don't ever let them stop you completely just think of it as like you know what it's a game and i'm going to win and you get that will going and man there's there will be little that would be in your way that would keep you from being successful if all you do is get passionate about it as soon as you're passionate about it you're going to find an engaging community an open community an accepting community people that love and then one day you'll be the person spurring on the next generation of people and being their resource and them going oh man you've got so much experience and you just find yourself there one day going how did when did i become that how did i get there it was real that's real man just got to keep pushing and you'll find yourself there one day never give up never surrender and uh man you're going to be that you're going to be able to ever die all kinds of stuff yeah all right man we're going to end this guys thanks for watching um again if you haven't already check out itpro tv if you want some coffee i got some coffee networkcheck.coffee that's all i got i'll catch you guys next time so again again thank you so oh come on huh again wake up you

Info

Channel: NetworkChuck

Views: 83,199

Rating: 4.9401937 out of 5

Keywords: comptia linux plus, comptia linux+, comptia linux+ certification, comptia linux+ exam, comptia linux+ tutorials, comptia linux+ xk0-004, ethical hacking, hacker, hacking tutorial, how to be a hacker, how to become a hacker, how to hack, information technology, kali linux, learn hacking, linux for beginners, linux tutorial, linux+ exam, linux+ xk0-004, raspberry pi, raspberry pi 3, top 10, ceh, cehv11, cehv10, certified ethical hacker

Id: PhVTVXqrW2s

Channel Id: undefined

Length: 123min 22sec (7402 seconds)

Published: Mon Sep 28 2020