From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss
Hacker Valley Studio8 Syys 2022

From Black Hat to Bug Bounties [Pt. 2] with Thomas DeVoss

We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cover everything we couldn’t get to from part 1 of our interview, including his struggles with burnout, his past hacking foreign countries on a bold quest to stop terrorism, and his future in Twitch streaming to teach you how to be a better bug bounty hunter.

Timecoded Guide:

[02:57] Fixating on hacking because of the endless possibilities and iterations to learn

[09:54] Giving advice to the next generation of hackers

[17:17] Contacting Tommy and keeping up with him on Twitter

[21:43] Planning a Twitch course to teach hackers about bug bounties using real bugs and real-world examples

[24:57] Hacking in the early 2000s and understanding the freedom Tommy has to talk about any and all illegal hacking he’s done now that he’s gone to prison

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone

PlexTrac is pleased to offer an exclusivecRed Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

Do you ever struggle with burnout when it comes to hacking?

Hacking has maintained Tommy’s interest longer than anything else because of the constant changes in technology and the ever-evolving issues in the online world. However, just because hacking is his passion, doesn’t mean that burnout or frustration never happens. Currently, Tommy is taking more of a break with hacking, letting his current day job and his passion for gaming have a front seat. However, he’s still firmly in the industry, passionately developing learning opportunities for future hackers and answering questions from cyber professionals of all backgrounds.

“I do get burned out sometimes…When it comes to bug bounty hunting, I try and make it so it averages out to where I make at least $1,000 an hour for my effort. It doesn't always work. Sometimes I'm more, sometimes I'm less, but I try and get it so it averages out to about that.”

What hacking advice would you give the younger version of yourself?

Although his black hat ways resulted in prison time for Tommy, he doesn’t regret his past and instead seeks to teach others the lessons he’s learned. When we asked Tommy for advice for new hackers, he was clear that success is a longer journey than people assume it is. Tommy’s success was not a fluke, it took years of hands-on learning and patience with failures in order to develop his bug bounty skills. Nothing is actually automatic or easy with hacking, especially as the technology continues to change and evolve. Tommy wants hackers to take every opportunity to try out their skills, even if it's a complete failure.

“Don't expect success overnight. Also, don't let failure discourage you. When it comes to hacking, you're going to fail significantly more than you're going to succeed. And the people that are successful in bug bounties are the ones that don't let those failures discourage them.”

What do you think about the “media obsessed” stereotype many people have about black hat hackers?

Wrapping up today, Tommy tells us that he’d be happy to be back in the Hacker Valley Studio again some time. Although the stereotype of a black hat hacker wanting attention from the media is disproven, Tommy believes that he definitely has craved that media attention for a large majority of his hacking career. Starting in the early 2000s, after 9/11, Tommy had one of his first brushes with fame in an interview with CNN about hacking Middle Eastern companies. Although his hacking and his politics have changed since then, Tommy enjoys having in-depth conversations about hacking and explaining the intricacies of what he does.

“We loved the attention back then, and I still love the attention now, it's nice. The good thing about now is, because I already got in trouble for everything that I've done, I've done my prison time, I don't have anything that I did illegally on the computer anymore that I can't talk about, because I've already paid my debt to society.”

What are the best ways for people to keep up with what you’re doing?

Considering Tommy’s success, it’s understandable that a lot of cyber professionals and amateurs have tons of questions for him. When it comes to getting in contact with Tommy, he recommends tweeting him on Twitter publicly so that he can not only answer your question, but help others with the exact same questions. Education is key, and Tommy is so dedicated to teaching other hackers that he’s currently developing a recurring Twitch stream centered around helping others learn about bug bounty hunting.

“I don't know how successful we're going to be in finding the bugs, but I think it'll be fun to teach people [on Twitch] and do it that way, so that they can actually spend some time learning it. The best way to actually learn this stuff is to actually try and do the hacking.”

-----------

Links:

Stay in touch with Thomas DeVoss on LinkedIn and Twitter.

Check out the Bug Bounty Hunter website.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn

Catch up with Chris Cochran on Twitter and LinkedIn

Purchase a HVS t-shirt at our shop

Continue the conversation by joining our Discord

Jaksot(408)

Mastering The Art Of Storytelling In Cybersecurity

Mastering The Art Of Storytelling In Cybersecurity

How do you effectively persuade team members and stakeholders to take action, convey the importance of new projects, or request additional resources? Communicating technical security information often leads to disconnection or worse, falls on deaf ears. During this hour-long livestream, hosts Ron and Chris tackle how you can turn the tables by leveraging the primal power of storytelling, enhancing attention and engagement. Impactful Moments: 00:00 - Introduction 04:39 - Storytelling & conveying information  07:39 - How do I tell better stories? 14:25 - The Story Circle & The Hero's Journey 22:11 - Understanding your audience 24:41 - Simplifying cybersecurity  30:20 - The impact of storytelling 36:01 - Mastering storytelling in cybersecurity  Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

25 Heinä 202338min

Hacking, Innovation, & the Formation of the First NSA Red Team with Jeff Man

Hacking, Innovation, & the Formation of the First NSA Red Team with Jeff Man

In this episode, Chris and Ron Eddings are joined by Jeff Man, a legend in cybersecurity. The conversation begins with Jeff sharing his experiences as a member of the first NSA red team and his involvement in groundbreaking projects. He discusses his early days working with computers at the National Security Agency (NSA) in the 1980s and his role in developing a software-based encryption system. Jeff also points to the significance of the first publicly available web browser and the impact it had on the internet and cybersecurity. Later in the episode, Jeff talks about his transition from the NSA to the private sector and his focus on Payment Card Industry Data Security Standard (PCI DSS) compliance. He explains the importance of PCI and how it provides a framework for organizations to protect sensitive data and maintain secure networks. Impactful Moments 0:00 - Intro 01:15 - Welcome Jeff Man 01:51 - Jeff’s introduction to computing and cybersecurity 09:25 - Creation of the first NSA Red Team 15:20 - Leaving NSA and Focusing on PCI 19:41 - Advice for Those Starting in Cybersecurity 21:53 - Staying up to date with Jeff Man Links: Stay in touch with Jeff Man on LinkedIn: https://www.linkedin.com/in/jeffreyeman/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

18 Heinä 202322min

Privacy by Design: The Future of Homomorphic Encryption & Secure Data Analytics

Privacy by Design: The Future of Homomorphic Encryption & Secure Data Analytics

In this episode, Chris and Ron interview Derek Wood from Duality Technologies, a leading privacy technology company to discuss the concept of homomorphic encryption and its significance in data security, privacy, and governance. Homomorphic encryption enables users to perform computations on encrypted data without exposing it, revolutionizing the way data is used and analyzed. In this episode, the group discusses the challenges in the current data landscape, the importance of security and privacy, and the potential impact of duality's solutions in various industries such as finance and healthcare. Check out Duality’s webinar, Why Data, Privacy, & Security Leaders are Key to Growth & Innovation Impactful Moments: 00:00 - Introduction 01:09 - What is homomorphic encryption? 04:03 - Misconceptions of security and privacy 06:25 - What is Duality’s mission? 10:04 - Does Google Drive use homomorphic encryption? 13:08 - What homomorphic encryption enables 22:08 - Innovations that Duality is working on 24:37 - Secure data analytics and Homomorphic encryption 31:41 - Impact of AI and LLMs on security and privacy Links: Stay in touch with Derek Wood on LinkedIn: https://www.linkedin.com/in/drwood/ Learn more about Duality Technologies: https://dualitytech.com/  Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

11 Heinä 202336min

The Future of AI In Cybersecurity

The Future of AI In Cybersecurity

In this episode, Ron and Chris explore the vast potential of AI in cybersecurity, including its ability to develop cybersecurity solutions, provide recommendations and predictions for cyber practitioners, and even assist attackers in identifying vulnerabilities and creating exploits. Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio.com Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Introduction 00:56 - The future of AI in cybersecurity 02:24 - Addressing the elephant in the room 03:15 - Amplifying your productivity  05:13 - AI & vulnerability management 09:00 - Remediating vulnerabilities with AI 11:41 - Join our community!  12:32 - Coding, building, & developing 18:13 - Final thoughts

27 Kesä 202319min

Vulnerability Hunting & AI with Brian Contos

Vulnerability Hunting & AI with Brian Contos

In this episode, hosts Ron and Chris are joined by Brian Contos, Chief Strategy Officer at Sevco to discuss his “movie-like” career trajectory and the rise of artificial intelligence (AI) in cybersecurity. With two IPOs and eight acquisitions under his career belt, Brian expresses his passion for startups and how getting out of his comfort zone transformed his business knowledge. The group also dives into the rise of artificial intelligence and how it will revolutionize the cybersecurity landscape. Stay in touch with Brian Contos: https://www.linkedin.com/in/briancontos/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 00:00 - Intro 01:09 - Introducing Brian Contos 04:03 - Brian’s passion for startups 06:13 - Emerging tech & AI 07:50 - The intersection of AI & cybersecurity  09:50 - The future impacts of AI 10:58 - How will AI enhance cybersecurity? 15:02 - Data assessment vs data integration 17:46 - Join our community! 18:48 - Getting out of your comfort zone 21:21 - Small touches lead to big finishes

20 Kesä 202324min

Balancing Work & Parenting In Cybersecurity

Balancing Work & Parenting In Cybersecurity

In this episode, Ron and Chris discuss the challenges of balancing cybersecurity and parenting. Chris, a father of three, shares his experience of being a parent while also working in cybersecurity. They talk about the sacrifices that come with being a parent and how to prioritize family while still maintaining a career in cybersecurity. They also discuss the importance of having a plan but being flexible enough to adapt to unexpected situations.  Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 02:39 - Balancing cybersecurity and parenting 04:27- Maternity/paternity leave in cyber 08:33 - Skills in parenting for cybersecurity 10:36 - Career sacrifices 14:05 Parenting with a support system 17:31- Being more than a parent

13 Kesä 202320min

What Is Security Architecture?

What Is Security Architecture?

In this episode of Hacker Valley Studio, Ron and Chris take a deep dive into all things Security Architecture and the essential skills you need to thrive in your role. Ron shares insights from his personal journey into security architecture as well as his expert advice on how to break in and stand out in the field. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 01:22 - What is Security Architecture? 03:04 - Day in the life of a security architect 04:01 - Different types of security architects 06:01 - Ron’s journey into security architecture 07:49 - What skills do you need? 08:40 - Join our community! 09:21 - Ron’s best practices 10:24 - Finding the right solutions 11:36 - What is the salary potential? 12:59 - How to stand out 13:52 - Advice for those breaking into the field

6 Kesä 202315min

Technical Dojos: Cultivating Skills and Navigating Change in Cybersecurity

Technical Dojos: Cultivating Skills and Navigating Change in Cybersecurity

In this cybersecurity podcast episode, Chris Cochran and Ron Eddings discuss the concept of 'dojos' as environments for growth and learning, drawing on experiences from their own career paths in cybersecurity. The 'dojo' metaphor is applied to various life experiences, with an emphasis on cybersecurity communities and events. Chris describes his journey to the west coast where he lived in a hacker house, a form of dojo where he, along with his roommates, focused on cybersecurity, technology, personal growth, and development. This life-changing experience spurred the creation of their podcast. Links: Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Impactful Moments: 0:00 - Intro 00:55 - What is a dojo? 02:25 - Technical/cybersecurity dojos 05:17 - Getting started 07:21 - What should you look for in a dojo community? 09:06 - How to level up and give back 10:14 - Join our community! 11:36 - When is it time to move on? 12:50 - Learning hurts - embrace it! 13:59 - What’s your next dojo?

30 Touko 202315min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
voi-hyvin-meditaatiot-2
psykopodiaa-podcast
psykologia
rss-duodecim-lehti
rss-niinku-asia-on
adhd-podi
rss-vapaudu-voimaasi
rss-valo-minussa-2
kesken
jari-sarasvuo-podcast
rss-luonnollinen-synnytys-podcast
aamukahvilla
aloita-meditaatio
rss-uskonto-on-tylsaa
rss-ai-mita-siskopodcast
rss-narsisti
rss-rouva-keto
rss-pedatalk
rss-metropolia-ammattikorkeakoulu