Unlocking Cyber Education with John Hammond

John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with his YouTube channel, his passion for showcasing authentic and accessible educational materials online, and his advice for creating content safely and spreading awareness with not only a red team or blue team mindset, but with a purple team perspective.

Timecode Guide:

[01:37] Understanding the impact of content creators in the cybersecurity community, especially when it comes to YouTube educational content

[06:58] Becoming a successful YouTube creator through consistently posting hacking content and ignoring the stereotype of “overnight success”

[13:28] Combining his role as a cybersecurity educator with his security research at Huntress to explore exploits and have real life experience with what he teaches

[16:47] Focusing on the blue side of the house as someone with red team experience, and understanding how to use a tool like PlexTrac to create a collaborative purple team

[21:13] Being mindful of the impact he has through sharing this knowledge and understanding the risk of cybersecurity educational materials falling into “the wrong hands”

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

What is your origin story for wanting to educate other hackers?

Like many of us, John started his journey Googling how to become a hacker. As he gained more knowledge about the specific skills involved in hacking, John never left the internet behind, always seeking out videos and articles explaining new and emerging content. Inspired by those who created that content in the first place, he started his own YouTube channel, simply titled John Hammond, and has spent years cultivating a consistent hacker audience.

“Along the way, creating content and helping educate others through YouTube is really my main stage platform and has been just a passion project, a labor of love, and something fun along the way.”

What feelings do you get looking back on the YouTube content you’ve created so far?

John prioritizes clarity, transparency, and honesty in what he does, and he’s not afraid to show some humbleness, too. Overall, John is thankful for his YouTube success and the impact it had on the cybersecurity community. No matter what he’s showing in his videos, he prefers to keep things honest, to show where he’s made mistakes, and to accept criticism and advice from other hackers and offensive cybersecurity professionals that see his work.

“I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder. You're seeing me showcase something raw, live, genuine, and authentic…It’s not all sexy, there’s a lot of failure in hacking.”

Have you ever considered focusing on the blue team or the defensive side of cybersecurity?

The majority of John's YouTube content and the work he does in his role at Huntress Labs heavily involves the red team and offensive side of cyber. However, John is a huge advocate for the blue team and the red team collaborating and communicating better. Through making more concepts in cybersecurity accessible through educational content like John’s own videos, he hopes we can continue to bridge the gap and achieve that perfectly mixed purple team.

“We're all playing in concert. As one team sharpens their skills in the red team pen test, then it's up to the blue team to figure that out. What did they do? How can we better detect it? How can we stop and mitigate that security threat?”

What advice do you have for red team content creators that want to share content and spread awareness safely?

With the impact that he’s had and the content he’s put out onto the internet, John is no stranger to seeing the negative side of cybersecurity knowledge being more accessible than ever before.

Still, he wants to make sure content creators understand the value of transparency and honesty in what they do. Instead of fearing what could be, cultivate a community around making this level of knowledge and security available to everyone.

“Share, be transparent, be forthcoming. I know there are a lot of conversations about gatekeeping in cybersecurity, but there shouldn't be that. I understand there's grit and determination and hard work to do all the things that you're doing, but be friendly and be transparent and honest.”

----------

Links:

Check out our guest, John Hammond, on YouTube and LinkedIn.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn.

Catch up with Chris Cochran on Twitter and LinkedIn.

Continue the conversation by joining our Discord.

Episodes (404)

Looking Backward to GROW Forward in Cybersecurity in 2024

In this episode, we’ll take a walk down memory lane. Hacker Valley looks back to 2023 to bring you some of the best clips with great advice and insight into being more creative, reflective, and resourceful with the hopes of inspiring you in 2024 to grow beyond where you are today. Impactful Moments 00:00 - Welcome 00:54 - A New Year is on the Way! 01:54 - ChatGPT and Cybersecurity 04:40 - Becoming an Industry Creative 07:47 - Leveraging AI in the Future with Storytelling - with Scott Sunderland 09:12 - Advice for your Content Creation Journey - with Jason Rebholz 11:15 - How to Start your Cybersecurity Book - with Kim Crawley 14:13 - Join our Mastermind 14:50 - The Right Platform for You - with Phillip Wylie 17:08 - Finding your Focus - with Simone Biles & Amy Bream 20:41 - Leveraging Human Resources in Cyber   Links: Check out the episodes highlighted: ChatGPT & Industry Creative-https://www.youtube.com/watch?v=-u6m0SXFTmA Scott Sunderland-https://www.youtube.com/watch?v=5pwTruINFiM Jason Rebholz-https://www.youtube.com/watch?v=Ao81IRnffc8 Kim Crawley-https://www.youtube.com/watch?v=rKny7kVeRM0 Phillip Wylie-https://www.youtube.com/watch?v=z5B1E2vp0DY Simone Biles & Amy Bream-https://www.youtube.com/watch?v=DiebZS9s7sg Cyber Resources-https://www.youtube.com/watch?v=UoTk3w_78co Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

2 Jan 2024, 23 min

What’s Lurking In Your Containers? AMBERSQUID Operations, Freejacking, and Microservice Exploitation

In this episode, Host Ron Eddings, discusses new tactics of adversaries with Director of Threat Research at Sysdig, Michael Clark. Michael digs into the cloud and shares trends about the AMBERSQUID operation and how to protect yourself from potential container-based threats.   Impactful Moments 00:00 - Welcome 01:20 - Introducing guest Michael Clark 03:09 - Finding AMBERSQUID 06:46 - Mining and Monitoring AWS Services 10:47 - Defending Against AMBERSQUID 14:03 - The Speed of Container-Based Threats 18:13 - The Costs of Freejacking 23:08 - Attribution & The Future Threat 26:30 - CIEMs Like You Have Secrets   Links: Connect with Michael Clark: https://www.linkedin.com/in/michaelclarkinpa/ Check out Sysdig’s Threat Research: https://sysdig.com/threat-research/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

19 Dec 2023, 23 min

Pivotal Policy in the Age of AI with AJ Grotto

In this episode, Host Chris Cochran chats it up with former White House Senior Director for Cyber Policy, AJ Grotto. AJ shares his viewpoints about the current state of AI policies, the potential risks and benefits of AI technology, and the challenges in crafting effective policies in the field of cybersecurity. Impactful Moments 00:00 - Welcome 00:45 - Introducing guest, AJ Grotto 01:14 - Are Cyber and AI Separate? 03:37 - US Cyber Policy 08:06 - The Reality of AI Risk 11:20 - From Law to Cyber Policy 14:47 - Join our Mastermind! 15:36 - Policy Implementations 18:55 - Cyber Warfare and AI 22:13 - Advice for Getting into Cyber Policy   Links: Connect with AJ: https://www.linkedin.com/in/andrew-grotto-2534b510a/ More about AJ and his current work: https://fsi.stanford.edu/people/andrew-j-grotto Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

12 Dec 2023, 24 min

Ransomware: How to Use AI to Create a Readiness Kit with Scott Sutherland

The adversary is using Artificial Intelligence. Why aren’t you? In this episode, Host Chris Cochran talks with Scott Sutherland, VP of Research at NetSPI, about everyone’s favorite hot topics; ransomware and AI. Scott will detail his experience with simulating ransomware attack scenarios, as well as discussing the difficulties businesses face when dealing with ransomware threats and prevention mechanisms and how AI can be leveraged to help. Impactful Moments 00:00 - Welcome 01:10 - Introducing guest, Scott Sunderland 03:24 - Interactions with Generative AI Chatbots 04:14 - Use of AI and Readiness 15:16 - A word from our Sponsor, NetSPI 15:55 - Using AI to develop Exercises 20:46 - Collaboration beats Adversaries 25:08 - Ransomware Bots 26:15 - Role of AI in Storytelling Continuously keep pace with your expanding attack surface with the most comprehensive suite of offensive security solutions: https://www.netspi.com/hackervalley Links: Connect with Scott Sutherland: https://www.linkedin.com/in/scottpsutherland/ Learn more about our sponsor, NetSPI: https://www.netspi.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

5 Dec 2023, 28 min

Cover Your SaaS: Navigating OAuth and SaaS Security Challenges

SaaS misconfigurations may be responsible for up to 63% of security incidents. Do your SaaS applications have risky OAuth grants and misconfigurations? Let’s not find out. We will unravel the complexities of OAuth and how attackers are using OAuth to move from one app to another. Our special guest Jaime Blasco, co-founder and CTO at Nudge Security, shares techniques to protect your SaaS apps and identify risky and malicious OAuth grants. Are you ready to cover your SaaS and avoid finding yourself in the hot seat?    Show some love to our sponsor Nudge Security and win a Steam Deck: https://www.nudgesecurity.com/steamdeck   Links: Connect with Jamie Blasco: https://www.linkedin.com/in/jaimeblasco/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

28 Nov 2023, 45 min

Standing Out On LinkedIn as a Cybersecurity Professional with Chris Hughes

In this episode, host Ron Eddings speaks with Chris Hughes, President at Aquia, Cyber Innovation Fellow at CISA, and cybersecurity legend. Special guest, Chris Hughes, was initially inspired to build a personal brand through a desire to mend his weaknesses and highlight his strengths. However, LinkedIn offered a platform to display his growth and learning, leading to him amassing over 50,000 followers! In addition to sharing his story, Chris will emphasize tips on how to start your own personal brand.   Key Moments: 00:00 -Welcome 00:56 - Introducing Guest, Chris Hughes 01:59 - Finding His Way to Cyber 03:20 - Brand Building on LinkedIn 05:19 - Power of Networking and Personal Branding 11:32 - Be a Part of Cyber Creator Con! 14:31 - The Impact of LinkedIn on Career Opportunities 16:48 - The Art of Content Creation on LinkedIn 20:16 - Cashing in on Career Capital 22:05 - Advice for Building a Personal Brand   Links: Follow Chris on LinkedIn: https://www.linkedin.com/in/resilientcyber/ Check out Chris’ Podcast: https://resilientcyber.substack.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

21 Nov 2023, 23 min

Adversarial AI: Navigating the Cybersecurity Landscape

In this episode, host Ron Eddings is joined by Sr. Director of Red Team Operations at Coalfire, Pete Deros, to discuss the hottest topic around; adversarial AI. Ron and Pete discuss how AI is used and how the adversary is using AI so everyone can stay one step ahead of them as well. Impactful Moments 00:00 - Welcome 01:35 - Introducing Pete Deros 03:30 - More Easily Phished 05:09 - 11 Labs Video 06:42 - Is this AI or LLM? 9:18 - AI or LLMs: Who has the Speed? 10:36 - Fine Tuning LLMs 14:37 - WormGPT & Hallucinations 17:01 - LLMs Changing Second to Second 18:38 - A Word From Our Sponsor 20:19 - ‘Write me Ransomware!' 23:24 - Working Around AI Roadblocks 28:00 - “Undetectable for A Human” 31:58 - Pete Can Help You Floss! 34:56 - OWASP Top 10 & Resources 37:00 - Check out Coalfire   Links: Connect with our guest Pete Deros: https://www.linkedin.com/in/pete-deros-94524b9a/ Coalfire’s Website: https://www.coalfire.com/ Coalfire Securialities Report: https://www.coalfire.com/insights/resources/reports/securealities-report-2023-compliance OWASP Top 10 LLM: https://owasp.org/www-project-top-10-for-large-language-model-applications/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

7 Nov 2023, 39 min

Protecting What You Can’t See with HD Moore

In this episode, host Ron Eddings is joined by Metasploit creator, co-founder and CEO of runZero, HD Moore. HD changed the world with Metasploit and he’s doing it again with runZero. Attack Surface Management can’t happen unless you have visibility into your home or company network and HD shares how he’s able to deliver that and so much more in his journey of creating runZero. Impactful Moments 00:00 - Welcome 00:50 - Introducing guest, HD Moore 01:30 - Fixing the Root Cause 05:00 - runZero 10:54 - A New Kind of CAASM 12:00 - Uncover the Unknown 14:08 - runZero Raving 17:45 - “Trust me, you can scan OT” 20:10 - You Can Scan if You Want To 22:30 - Red to Blue Judo Skills Links: Connect with our guest HD Moore: https://www.linkedin.com/in/hdmoore/ Check out runZero: https://www.runzero.com/ Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleys... Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord

31 Oct 2023, 24 min
