- Hey everyone, it's David
Bombal back with Neal Bridges. I've received a bunch of questions, I've been watching some
of Neal's Twitch stream and he's been getting a
lot of great questions on his Twitch stream so I've
taken some of those questions and we'll discuss some of those here and perhaps if the video gets
too long in a separate video. But Neal welcome. - Thanks as always David and glad you decided to
have me back again.(laughs) (upbeat music) - So, Neal, let's start with a question that a lot of people have asked. I get this all the time. What books or are there
any recommended books that you would have for getting
started in cybersecurity? So let's start with that. Do you have like a top
three, top five books that you would recommend
someone look at getting if they wanna get
started in cybersecurity? - Absolutely. And actually
I went to my bookshelf and actually pulled some books together so I could do like a little show and tell. The only book that I don't have here that you may have to include a link for is a book called "The Pentester Blueprint" which is starting a career as an ethical hacker by Phillip Wylie and I'll send you the link on that that you can get on Amazon. I don't have a physical copy of that book. That would be like book number one. So we had Phillip on our
stream a couple of weeks ago and he was talking about that book and talking about his
desire and his passion and some of the mentorship
things that he does to try to get people into a
career in ethical hacking. He does a project called Pwn School with the university in Texas where he actually teaches
ethical hacking to universities for free and brings that free
ethical hacking training. So he took all of that knowledge on starting a careers in ethical hacking, and brought it into a book called, "The Pentester Blueprint." So that's book number one,
that I would 100% recommend everybody get on board with as well. It's hard 'cause I've got
a bookshelf full of books and you read a whole lot of them and there's a lot of good
knowledge that's out there. And so when I looked across
kinda my series of books one of the first ones that I
would definitely recommend, is this one right here,
"Social Engineering" by Christopher Hadnagy. This guy is a literal genius when it comes to social engineering. And I think that this is an awesome book. When you look at just how
prevalent social engineering is as an attack tactic, it is literally used in 90% of the attacks that are out there. When you talk about fishing, whether you're talking about
vishing with a voice call, whether you're talking about trying to social engineer
your way into a building when it comes to physical
penetration testing, and so this book covers a lot
of the psychological mental and kinda the tactics that kinda come with doing social engineering and
so 10 of 10 would definitely recommend the "Social Engineering"
book by Chris Hadnagy. It's called the "Art of Human Hacking." - Neal, We were discussing this offline. I mean, sorry to interrupt again. Can you like give us like the 32nd? What is social engineering? And give us some examples we
were talking previously about. Do you have any cool
examples of something? So let's like, just
bring that in right here. So this book, give us an example if you can have way someone did something using social engineering to circumvent like really high security or something. - So you say high security and it's hard to define where
that bar for high security is in some of these pen test engagements. - Exactly. - I was pen testing a
hospital here in the U.S. a number of years ago and hospitals are
notoriously bad at security. There's is no one reason
why that's the case. It's just, hospitals are open. There's not a lot of physical
security as you would imagine because doctors have to
move from floor to floor, from room to room, nurses have
to move pretty frequently, you've got families that are coming and going out of the floors, it's hard to secure hospitals. Part of one of the pen
tests that I did one time, was social engineering and
physical access to the hospital. And I think one of the more glaring ones that I had done was I'd
put on a polo, a nice polo, I was walking around the
hospital with my backpack on and I had my Mac book in my hand, now on my Mac book I'm
like any other pen tester, I've got stickers everywhere
all over my Mac books so I mean, it's pretty clear that it's not your standard IT guy or maybe it is I guess it
depends on what your perspective of what IT is, and I walked
up to this receptionist in this hospital and I said,
"Hey, we've got some reports of some network issues that are coming from this side of the building, do you care if I sit down
right here at this desk right next to you and
see if I can troubleshoot some of this networking stuff?" And she said, "Yeah, absolutely." So I literally took my hacker laptop, sat it down next to her,
opened it up and pulled up Metasploit and some terminals
and things like this and just started to hack
literally right next to her. And after about 10 or 15 minutes, I just started Cain and Abel and I was like intercepting traffic and whatnot on the land port. I got to think to myself.
I was like, "Well, I wonder if I can take
this a little bit further." And so I turned to her and I said, "Hey, there appears to be
some really weird activity going on with your account that I can see because I'm sitting
right here next to you." I said, "Can you give me your password so that I can check and
make sure that your account looks in order in the system?" And she said, "Yeah, absolutely." So she took out a post-it note, wrote her username and
password on a post-it note and handed it to me
right there on the spot sitting right next to her. I mean, but when you talk about like, that's why I laugh at
the high security part because there's not really
a high or a low security in some of these places when it comes to doing things
like social engineering and that's not an edge case. It's fun to laugh at, but I could tell you numerous
places where I've tried that similar tactic and
technique and it works. You just seem like a smart guy. You seem like you're in IT. You have all these really cool things that I have no idea what
it is that you're doing, so obviously you look like you're in IT and I couldn't ever imagine that a hacker would be
sitting right next to me my own place of business. So yeah, here's my password have added. - So, I mean, let me push you a bit. Now social engineering
versus technical skills is there a whole domain where someone can become a specialist
in social engineering? The reason I asked this is
because I saw a video on YouTube where a lady is supposed to
be a social engineering expert and she pretend she's got a crying baby and she missing this phone call and she just like, seem so
polite and seem so trustworthy that she gets past all the gatekeepers. - Yeah. I mean, I think
so short answer is yes. And actually social engineering is one of those areas where
it's not for everybody. As a matter of fact, I've
had pen testers work for me. I had a brilliant pen
tester work for me one year when I was working for a
big four consulting company and he could do wireless and
network based exploitation with the best of them. But we tried to get him to do a social engineering engagement, and he actually got physically anxious about the prospects of lying
to another human being. And I'll tell this story
because I this is also, when you talk about,
social engineering stories, this is a fun story to tell- - Stories are always fun. So real world stories always
the best so go for it. - I got stories for days. I got stories for days. So we were this particular
engagement that we were doing was against the university in the Northeast part of the
United States of America, and this was before we
were ever going on site. This was, we were doing most of the social engineering remotely and so we had scraped their website and had come to find and
universities again, like hospitals are terribly bad at security
on a whole lot of fronts. And so universities
naturally just wanna be open for all their students
and all their faculty and things like that. And so they had posted on an IT page on the web, some noticeable downtime that
they were gonna be having because of some IT work that
they were going to be doing. And so we stood up, there's a .it domain. It's supposed to be for Italy, but you can pay like $75 for a domain and you can get a .it domain. And so we paid for this
university's domain in .it and so it read like, and
I can't say the university but it read like that university.it. And so it looked like it was an it domain and we scraped the webpage, we made it look just like the university and we took their online directory and we just started calling
administrative assistants, we started calling executive assistants, we started calling people
who would typically be at their desk and handling
affairs for large divisions and our script was very much like, "Hey, you may have seen on the website that we've got this planned
upgrade of this system? We need you to, while
we're on the phone with you go to this university domain.it let's download this update together and let's make sure that
we get your PC updated. And they did it. And they did it on the phone with us. And we tried to get... We wanted this individual
to have his chance to practice his social engineering skills and he got physically anxious. And so kinda roundabout way to your original question was, yeah. I mean, it takes a certain mentality and this is gonna sound terrible from like an ethos perspective but it takes a certain
mentality to sit on the phone with somebody or to look them in the eye and knowingly lie to them and trick them into doing something that you know could be detrimental to them. (laughs) - Yeah. As I can understand that some people wouldn't wanna do that. - Yeah. - So the idea of social
engineering is that you're talking to humans
so rather than machines. You're getting humans to do something that they shouldn't really do. - That's true. - Like you're tricking them
basically to do something, yeah? - Yeah. I mean, you're eliciting a human
response in the digital world whether that comes in the
form of clicking on an email, giving up a user ID and a password, letting you into a building, right? Letting you have access to a calm closet, whatever the case is, it's eliciting that type
of digital response. - So what do you like about that book? What does it teach you to do? So I'd like these kinds of how to interact with humans, how to read body language, what does it kinda teach you? - It's very much the
psychology of it, right? It's how to make eye contact. It's how to engage in that conversation. It's mirroring techniques. It's how to read humans in a way that allows you to determine, do you still have control of the situation or has doubt entered into their mind and how do you control that doubt? And it's about carrying forth. Like you mentioned, the lady that you watched
who had the baby crying in the background, it's understanding some of
those social norms where, what is the impact of a baby
screaming in the background have on a person's psyche when they're on the other
end of the phone with you? What's the difference between, "Well, fine. Let me talk to your manager." Or even if you're conducting
a penetration test, you're like, "Fine. I'll let you talk to my manager." And in this case, when we
were doing the university, we actually did have somebody who wanted to talk to
this person's manager and they literally handed the phone and I pretended to be the director of IT for this university. And so it's going through that
prospect of understanding, what are the human emotional reactions whenever they're challenged
or asked for something and then how do you
counter those challenges? And it walks you through
that path of basically defeating the human psyche when it comes to social Well engineering. - Okay. So that's great. So Neal, I should have asked
you about your first book. So the first book is like
more technical, isn't it? - It is. It is. It's more tactical. - And what's your third book? - So the third book that I have here, and since we talk a lot about
OSCP and things like this, is this one right here, right? "Basic Security Testing
with Kali Linux," right? And so this was done by Daniel Dieterle and this one really just
kind of walks you through... This is almost a primer
for how to use Kali Linux for doing day-to-day penetration testing. So it walks through Metasploit, it walks through open source
intelligence gathering, it's got recon-ng in here. And so this is almost like they took everything that was available inside of Kali Linux and
they put it inside of a, "Here's how to pick up Kali Linux and basically start doing
penetration testing." And so when we talk about like, and you challenged me on
this during the last video which I very much appreciate, right? Which is cert based, you getting searched for credentials and getting past the gatekeepers versus actually getting knowledge. And so I look at books like this and the reason that I highly
recommend books like this is because you can pick this
book up and you'd be like, "I wanna learn how to use
recon-ng inside of Kali Linux." And you can go to the recon-ng section and you could figure
out how to use recon-ng and you could start using recon-ng today. That's gaining knowledge in this space that's gonna help you
actually know the tools and be more useful for the tools which is why I'm a huge fan of books. - Yeah, so I bet that's
teaching you a whole bunch of tools in Kali? - Yeah. This one's really focused on the tool kit that you have available in Kali and so when you think about, when you're getting into this career space you're familiar with Kali because of OSCP, because of just the place that Kali has with most people in their testing toolkit. And so you have to have a manual just like you have for your car or just like you have
for almost anything else, that tells you all the
features and capabilities and tools that are inside of Kali. Obviously use with caution, as we've seen Kali change pretty
extensively over the years but some of the fundamental
tools that are listed in here like recon-ng and whatnot
and how to use them, are still very much relevant in this book. - That's great. So what's your fourth book? - So the fourth book along
that exact same line, is one that kinda dives a little deeper and is the "Metasploit Penetration
Testing Cookbook," right? So we've talked about
Kali from a broad sense, but one of the biggest
toolkits that you're gonna use inside of Kali especially if you look at like kinda your Swiss Army Knife if you will of penetration
testing tools inside of Kali, is gonna come to be Metasploit. And one of the things I like to talk about this is Metasploit,
it's one of those tools that you don't have to run in Kali, you can fire up an Ubuntu VM, you can download Metasploit
from the get rate repo and you can stand it up from scratch. And this type of book is
still very useful as well and so it goes through the ins and outs of how Metasploit is built as a framework, the different components of part of it, the auxiliary modules, it talks about how to
set it up as a proxy, how to set it up to do SSH tunneling, all of the scripts that you can do, how to do payloads that avoid
antivirus and how to deal with things for post exploitation perspective. And so when we talk about, what happens when you get onto a box or where do you find these
big, huge repositories of exploits that you can use
during a penetration test, this is probably gonna be your first stop inside of Metasploit, and so that's why I like this one is because you start
broad with the Kali book but then you can find truth your way down to something like this and
focus in on Metasploit. And that right there
between those two books, you've probably covered 70%
of the knowledge that you need in the penetration testing
industry to get started. - That's great. I mean, the problem with training courses sometimes is the costs. We spoke previously about SerDEs and you used to train for SerDes. I mean, it's really expensive but for a lot of people,
they can get a book. I really like O'Reilly because O'Reilly has the
subscription pack do the same. Have the subscription service
where you can get access to a whole bunch of books. So just knowledge is much
more freely available today than it used to be. But before I go off on a high horse again 'cause you and I are very good at that, what's your last book? - So the last book that I have, is actually called "The Hacker Playbook." It's a practical guide
to penetration testing. So again, I'm a huge fan of having tools in a toolbox and
for you to understand the tools that you have available to you. But I like also teaching mentalities and teaching concepts and teaching, how should you think as an ethical hacker? And so this book right
here walks you through how to think about
chaining exploits together, how to think about chaining attacks. When we talk about chaining
exploits or chaining attacks, you asked me about social engineering, that's all well and good but what do I do once I've social engineer
my way into that building or what do I do with that
username and password? And that may seem like a simple example, but that type of like, "Okay, I have a step one that I have to do, now I have step two. Now I have step three. Now step four. Now step five." Where you combine social engineering with maybe, you've packaged
up some piece of malware that gets you in an initial foothold and then you may have to do
some post exploitation activity on that and some lateral movement, that all represents a chain. We've oftentimes referred to
it as the kill chain, right? Or a chain of attacks. And so this book very much helps you get into that hacker mindset that says, "How do you take an
initial access foothold and perpetuate your access
across the entire environment and gets you into thinking about that like an attacker perspective?" So when you look at all
five of these books, it encompasses Phillip
Wylie's, getting in, here's what you need to get
your foothold in the door as a career, as ethical hacking, now let's talk about the
tools inside of Kali Linux, Social Engineering, Metasploit, and now let's talk about
training your mentality of thinking like a hacker. And so that gives you, in my opinion, a very solid foundation into where your head should really be at coming into this Space. - I mean, that's great. And then we've mentioned
this multiple times how do we practice? So like, let's say, read those books but reading about whatever
tool is kind of pointless. How do I practice? - And this is where I go back to some of the things that
we talked about during one of our first
interactions together, right? These hands-on ranges like
TryHackMe, Hack the Box, range forces is something
we've stumbled upon recently on our channel, I did a walkthrough of
the range force demos or the range force exercise range a couple of days ago on my stream- - I saw that. - Yeah. We've seen a lot
of players come into this, "Hey, let's put our hands on the keyboard and let's teach you how
to be more tactical." Because I think HR is really coming to realizing that certs are certs. We want people who have
hands-on experience. We want people who can show that they're
experienced in this realm. And that's why I push people
into these lab environments, these online lab of ours,
'cause this is something and I don't know if we said
this on your show before or we've said it on mine, this is something unprecedented. Like when I was coming up in this space, like I had to do my own servers. I had to have my own Cisco switches. I'd have my own virtual machines to practice all this stuff
myself, which you can still do. I'm not saying don't do that, but now it's incredibly easy where you don't have to do that. If you have a laptop
that you can put Kali on, you can go do TryHackMe. I don't even think you need
Kali for some of these labs and TryHackMe, Hack the
Box and things like that. You can just kinda go and
start working on them. And that's completely unprecedented to when I was learning how
to do hands-on in this space. - It's always been a problem. I mean, in networking
we had the same problem in the past where you had to buy, I mean, we're showing our age again. You had to buy all the
physical equipment of cost like 1000s and 1000s and
1000s of dollars and then- - I can remember the eBay stuff. Like you'd look for racks of
stuff like CCNA one right here. - Yeah. I mean, it was mad and then
everything got virtualized and now we have more and
more of these online labs that people can complete or you can build these virtual labs using packet trace or whatever. So, I mean, it's really nice to see
how the world has changed. And I mean, I'm a firm believer the more people that we can educate and the more people that we can help, the better the world's gonna be. So the chances for
people all over the world being able to empower themselves through these platforms is fantastic. - And this is why again
when we talk about, cert knowledge versus
real knowledge, right? Go get a book, go get
one of these five books. We'll get all five of these books. Go do TryHackMe, go to Hack the Box because
you're gonna get more, and you're actually gonna
be a better pen tester following this path, then following the path of like, "Well, should I go get CEH, right? Because you're not gonna be taught how to think about your
attacks in a kill chain. You're not gonna get a
deep dive on Metasploit and how to do antivirus evasion. You're not gonna understand literally almost every tool that's
listed inside of Kali Linux. You're not gonna understand how to do social engineering
attacks from CEH, right? That's not something
you're gonna get- (laughs) - I know you love CEH, (murmurs). I've got a whole dedicated video on that which I'll link here... (laughs) but I'll put Neal in
the hot seat about CEH. - Neal's very passionate
about CEH. (laughs) - I gotta wind you up. So, Neal I mean, let's talk practical now. Okay. So those books are
a great way to get started but surprise is we've actually
got some additional books that you put together for practical stuff. So what are your top five
practical, ethical hacking books? - No, that's fantastic and I'm glad you asked me for both, right? Because you're obviously getting started. But some things that I think, every pen testers should
have on their shelf or every pen testers should read it at some point in time in their life. This book when is come out, has probably been the single biggest. I'm so glad to have
this in my toolkit book that I've ever had. It's RTFM, it's Red Team Field Manual. And it's very thin. You can kind of see it's very tiny book, I think it's only like
four or $5 on Amazon. I can't remember. I'm sure you'll find it
when you post the video. But when you look at this book, this book I don't think this
will show up well on camera- - [David] I'll take a
screenshot so that's fine. - Yeah. It's got PsExec and here are the top three
commands that you're gonna use for PsExec, you can skip
forward a little bit and you can find Windows Registry. Here are the top Windows Registry keys that you need to be interested in, in terms of where to put your malware, how to use your malware, right? IPv4, IPv6, right? InMap, it's tool syntax for InMap and it breaks down all the commands and everything that you can use for InMap. And so even to this day, if I
were to go on an engagement, this book is in my toolkit
just like my hack five toolkit, just like all the hardware stuff. It's right next to my laptop and yes, if I forget a
command, I'll check here first before I go to Google and
figure out how to work it because they've done just such a great, great job of putting
stuff into this book. And so number one is RTFM. Like, this is a huge book. Like you should have this in your arsenal. Because I'm also not necessarily related to practical at their ethical hacking but also along that same lines, just because I like to give a
plug for my Blue Team folks, there is a Blue Team, a handbook
that is also very similar to RTFM for "Incident Response Edition" which also walks you through
very similar type stuff on the incident response side. So you know me, I'm always
trying to plug the Blue Team at the same time that I'm
doing the Red Team stuff. So that's why- - Neal, what I really appreciate about you since I've met you is the reason why I think it's good that
you mentioned this stuff, it's just because
there's so many more jobs for Blue Team. So yeah. Feel free. - Yeah. Yeah. I mean, it is. We've talked about that before. So yeah. So Blue Team equivalent, it's called the "Blue Team Handbook the Incidence Response Edition" still lots of good stuff in there. Again, it may be Blue Team, but again I tell my Red Teamers
this all the time, right? Which is understand how an
incident responder thinks that way you know how to evade them when you're doing a penetration test. - Yeah. That's a very good point. - I get asked a ton
and I'm sure you do too when it comes to like which
language you should learn- - I think we pulled it on. - I think we've answered
that question all the time. Absolutely. And so I think
I've mentioned Python. And so this is one of my
favorite books right here "Gray Hat Python" and this walks through not necessarily, it assumes
a very baseline knowledge that you have Python in there. So again, getting back to the fact that this is a practical set of books, you're kind of maybe a
little bit more established but this walks through
kinda how do you use Python, excuse me for certain APIs to do certain types of web scraping, to interact with certain tools and technologies that are out there, how do you basically use Python to help make you a better
penetration tester? And so that's very much why
I like the "Gray Hat Python" book very much because it walks through there's a lot of different
use cases that you can use in terms of how to use Python,
where you can make it better, does everything from
helping you write malware find memory corruption, vulnerabilities, figure out how to interact
with assembly language all the way to programming DLL injection, type of malware and
remote thread creation. So very good book that covers a wide range of topics when it comes to using Python in the penetration testing space. - And I mean, just to summarize, we've discussed this multiple times. Python would be your first or preferred first
language to learn, yeah? - Yeah, yeah. I think I've narrowed it. My top three is Bash,
PowerShell and Python. And so I feel like you
learn Bash and PowerShell as you come up in this space naturally. And so as you learn Python, a
book like this helps you kinda take your Python really, in
my opinion to the next level. - Is that all the books? - No, no. I've got two more. - I was gonna say (murmurs) I'm waiting for the next book. - Oh my God. I got you. I got you in the edge of
your seat wait for books. That's good. - So this one, you can see this one has gotten quite a lot of
use in my library here. This is the "Malware
Analyst's Cookbook and DVD." One of the things that
I think is important and you'll hear me harp
on this all the time when I talk about penetration testers, ethical hackers, Red Teamers,
is the hacker mindset. But one of the things that
I think people lose sight of when they think about hacker mindset, is how does malware work, right? What is the thought process behind some of these
criminal organizations when they go to develop malware? And so I think a well-rounded
penetration tester has some malware analysis,
expertise in them because that shows that they do understand either A, how malware works or B, at least the ability
to notionally pick apart some malware to understand how it works because again, let's go back to the root of penetration testing. The root of penetration testing
is to simulate an adversary, simulate a hacker attacking
an organization, right? In an ethical fashion. How can you do that if you don't understand how malware works, if you don't understand
the ins and outs of it? And so I'm a huge fan of getting well-rounding yourself out by throwing a little bit of
malware analysis in here. So I think this is a fantastic book to kinda help you in that regard. - So Neal, I have to ask the question, are these books current to
today or is it quite old? - So that's a great question. This book has been on
my shelf for a while. This is a Wylie book. I don't even know what the
copyright on this book is. - But it's still relevant, yeah? - Yeah. And that's kinda the key, right? If you're looking for
something on zero login, obviously that's not gonna be here, right? But these books aren't
here to teach you about like zero log-in or even
about like start focusing on SUNBURST or SUPERNOVA
or any of the stuff that's gone on with SolarWinds. These books help you build muscles, build core muscles that help you stand up regardless of the new
tactics or techniques, regardless of new tools that come out, regardless of any of this stuff. This stuff's not here to teach you, how are you gonna do the
latest AMSI bypass or ASLR, defeat mechanisms or things like this. This is here to teach you, "Here's how you use
Python to make yourself a better penetration tester and there's stuff that
you can use in there." Now the flip side of that, right? Is that we still see a lot of networks on the ethical hacking side
that use things like Windows NT, Windows 95, Windows XP, we still see a lot of systems that don't have antivirus on them at all, don't have ASLR enabled, we tie this conversation as well about the efficacy of using
PowerShell in penetration test and even PowerShell V3 not everybody has PowerShell
logging turned on. Not everybody has got
execution mode disabled on workstations inside of
a corporate environment. And so you have to be careful when we talk about this
concept of currency, what are you hoping to
achieve with currency? Do you wanna know the iOS update
that just got dropped today that I'm gonna talk about
on my stream tonight? Is because of three, zero-days. Do you wanna know the ins and outs of those three, zero-days? No, you're not gonna read a book, right? But do you wanna understand
how people find iOS zero-days or how to do bug bounties inside of iOS and things like this, that's where you're gonna pick up a book and read how to do that type of work. And so I'm always
cautious when people say, "Well, how current are these books? What are you trying to
achieve with currency or trying to build core
muscles and core foundation or you try to exploit the latest and greatest thing that came out today?" - That's a very valid point. I mean, you get it in all spheres, you need to be able to crawl
and walk before you run. So learn the basics? - Yeah. Yeah. Basics are something that
is very commonly overlooked in our industry, that I
I will always harp on. I'm that gym instructor who's like, "Did you do your pushups
and sit ups today?" Like, that's it. I mean, you don't need to worry about bench pressing 300 pounds if you didn't do your
pushups and sit-ups today. Like that's just not a case. (laughs) - So, I mean, I don't
wanna like deviate now because by the time
this video is published, your stream would have gone. But you're talking about
you're interviewing someone where you're gonna talk
about these zero-days. Is that right in Apple iOS? - Yeah. So tonight we are interviewing
the former CSO of Splunk. He's also the former Deputy
CSO of Symantec, Joel Fulton. He's got a fantastic story. If you get an opportunity to check out the stream that'd be fantastic. - I'll put at link below. - Yeah. He's got an amazing story about how he got into security and some of the things he does. It's truly one of the awesome
rags to riches stories that we have in our industry. We're gonna be talking about literally the iOS zero-days that
just got dropped today. We're gonna be talking about a lot of the other stuff that's happened from a cybersecurity news
relevancy perspective and kinda get his take
on it, his big picture, take from a cybersecurity perspective and then of course, we're gonna push him
hard on his career advice having been a CSO, I very
much take these opportunities with folks like him to
give his CSO perspective on what he looks for when he
hires cybersecurity people. Because again, we've talked
about this on stream, right? You've got HR gatekeepers
who are looking for CEH and Cert Plus and things like this. But I think what some people who come into this career field don't have, is the CSO sits at the very top. And the CSO is the guy who's like, "I don't care about that stuff. HR stop putting these stupid ridiculous gatekeeping stuff on getting people into cybersecurity." And I think it's important
for audiences to hear, this is truly gatekeeping. Let's talk about what the real
need of the real industry is and that's the message that
I think people need to hear about how it is to get
into this career field, not just what they focusing on the HR gatekeeping in the job Lex. - How do you say the winds of change where companies are realizing the
certs are not as relevant and preps are now asking for other things or is this something that
you're hoping to see happens? - I think the industry
is still notionally split down the middle on it, and if you look at the big fours, so we talk about the big
four accounting firms being like EY, Ernst & Young,
PWC, Deloitte and KPMG, a number of years ago I think it was probably
like four or so years ago, these are huge accounting firms. They're $50 billion
organizations globally. They dropped for the most part all of them I think the KPMG may be
the last one to drop it but I know EY, PWC and Deloitte have dropped their requirement
for a four year degree to bring people into their organization. And I think that right there is a fundamental shift in a lot of companies to say, "Well, you don't need to
have a four-year degree to come work for us anymore." And I think that HR teams
and it's been proven and we've had two recruiters
who have come on stream and talked about this as well. Some of these very, very
attuned corporate recruiters and even some of the recruiters who are specific to the
cybersecurity industry, do understand the value of
hands-on practical experience more so than the paper chase
that comes with the SerDes and so my advice to people is, don't let one recruiter tell you that you have to have 15 certs. Don't let one recruiter tell you that because you don't have OSCP,
you can't apply for this job. Chances are that recruiter isn't the only one that's recruiting for that pen testing job. One piece of advice that
I did give on stream that I'll share with you and your audience on your channel too is, you wanna be a hacker, you wanna be an ethical hacker, part of being an ethical
hacker is thinking outside the box, right? How do you take a system and how do you make a system do what it is that you want it to do, through means other than what
it was intended to do, right? You should be thinking about
your career the same way. Right? And so I said this recently, I think I kinda got onto a
small little Neal Soapbox on my stream here recently where I talked about hacking LinkedIn and I think you and I
are gonna do a segment- - Let's not get into that 'cause I wanna put that
in a separate video. But I'm gonna- - Will tease that one up. - That's gonna come in in another video 'cause I think this
one's already too long. So Neal, you better give me the last- - The last one. (laughs) - I'm gonna put you on your Soapbox so we can put that in the next video. - The last box or the last book, right? And again, I go back to teaching concepts and teaching mentality, right? Is cyberwarfare, right? And this is actually one of
the first books that I got about the subject when it first came out back in the day you mentioned O'Reilly and that's an O'Reilly book down there, this "Cyber Warfare" book. And I just looked at this, it's got a daily progress report from my days in the military. Like I didn't even realize that. Look at this, I've got
stuff from the military still embedded into this book. I didn't even realize it. (laughs) Anyway, so this is a
fantastic book by O'Reilly and again we talk about, and I'm okay being the old guy
in the room and being like, "This is a history book, right? This is the first book that
was really, really written to talk about some of the cyber conflicts that were happening across the world." And I mentioned this frequently,
my time at the government I learned more about geopolitics dealing with, "Can you hack
this nation from this nation?" If you're gonna attack
Syria, you can't do it from any of these other
middle Eastern countries because of all these interweaved
geopolitical constructs. This book really dives deep
into helping you understand why a hack on Estonia isn't just about, "Oh, Hey look, they defaced
a couple of websites. So they brought down
the internet of Estonia. It's about a larger
geopolitical conversation. And so when we talk about understanding of the
mindset of a hacker, right? I think it's easy to
understand the mindset of a ransomware hacker, their
mindset is go make money. But it's not easy to understand
what the broader picture of cyberwarfare looks like
across the entire world and so that's why I recommend
this book immensely. - Okay. Now I'd like
to put you on the spot. So you didn't know this was coming because I just thought of it. - Oh, oh. - Neal, I haven't got a lot of money. Give me the top three
books if I wanna get in, like out of all those
you've shown me 10 books or shown us 10 books, put you on the spot. Could you like recommend three books maybe just to get started 'cause I
can only afford three books. - Absolutely. If you could only afford three books, "Pentester Blueprint" by Phillip. So that's book number one. I'm gonna go "Social
engineering" with Chris Hadnagy, number two. Okay. And then I'll do this. And again, this is thinking
outside the box, right? If you don't have a lot of money and you wanna be an ethical hacker, right? And you wanna get a
job in ethical hacking, you're probably looking
at OSCP as a far out thing but right now you need to solve problems of filling knowledge gaps. So "Pentester Blueprint" by Phillip, "Social Engineering the
Art of Human Hacking" by Chris Hadnagy and then understand Kali Linux. Because eventually, eventually
when you take your OSCP, all of this will be relevant but at least now you can start to use the number one pen testing toolkit that's out there on the market today and you can start doing
things like TryHackMe, Hack the Box and everything else and at least you can familiarize yourself with the tools that you
have at your disposal and start to get your hands
dirty with those tools. So there you go. Those three books that I'd
flip right back over to you and say, "That's what you do." - That's great. I mean, Neal this video
has got really long, so I'm gonna cut it here and then we'll talk about LinkedIn, how do you like hack your
career using LinkedIn and I wanna ask you some other
stuff in a separate video, so thanks again for your time. - Absolutely glad to be here. (upbeat music)
