Unlocking Cyber Education with John Hammond
Hacker Valley Studio25 Aug 2022

Unlocking Cyber Education with John Hammond

John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with his YouTube channel, his passion for showcasing authentic and accessible educational materials online, and his advice for creating content safely and spreading awareness with not only a red team or blue team mindset, but with a purple team perspective.

Timecode Guide:

[01:37] Understanding the impact of content creators in the cybersecurity community, especially when it comes to YouTube educational content

[06:58] Becoming a successful YouTube creator through consistently posting hacking content and ignoring the stereotype of “overnight success”

[13:28] Combining his role as a cybersecurity educator with his security research at Huntress to explore exploits and have real life experience with what he teaches

[16:47] Focusing on the blue side of the house as someone with red team experience, and understanding how to use a tool like PlexTrac to create a collaborative purple team

[21:13] Being mindful of the impact he has through sharing this knowledge and understanding the risk of cybersecurity educational materials falling into “the wrong hands”

Sponsor Links:

Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

PlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!

What is your origin story for wanting to educate other hackers?

Like many of us, John started his journey Googling how to become a hacker. As he gained more knowledge about the specific skills involved in hacking, John never left the internet behind, always seeking out videos and articles explaining new and emerging content. Inspired by those who created that content in the first place, he started his own YouTube channel, simply titled John Hammond, as has spent years cultivating a consistent hacker audience.

“Along the way, creating content and helping educate others through YouTube is really my main stage platform and has been just a passion project, a labor of love, and something fun along the way.”

What feelings do you get looking back on the YouTube content you’ve created so far?

John prioritizes clarity, transparency, and honesty in what he does, and he’s not afraid to show some humbleness, too. Overall, John is thankful for his YouTube success and the impact it had on the cybersecurity community. No matter what he’s showing in his videos, he prefers to keep things honest, to show where he’s made mistakes, and to accept criticism and advice from other hackers and offensive cybersecurity professionals that see his work.

“I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder. You're seeing me showcase something raw, live, genuine, and authentic…It’s not all sexy, there’s a lot of failure in hacking.”

Have you ever considered focusing on the blue team or the defensive side of cybersecurity?

The majority of John's YouTube content and the work he does in his role at Huntress Labs heavily involves the red team and offensive side of cyber. However, John is a huge advocate for the blue team and the red team collaborating and communicating better. Through making more concepts in cybersecurity accessible through educational content like John’s own videos, he hopes we can continue to bridge the gap and achieve that perfectly mixed purple team.

“We're all playing in concert. As one team sharpens their skills in the red team pen test, then it's up to the blue team to figure that out. What did they do? How can we better detect it? How can we stop and mitigate that security threat?”

What advice do you have for red team content creators that want to share content and spread awareness safely?

With the impact that he’s had and the content he’s put out onto the internet, John is no stranger to seeing the negative side of cybersecurity knowledge being more accessible than ever before.

Still, he wants to make sure content creators understand the value of transparency and honesty in what they do. Instead of fearing what could be, cultivate a community around making this level of knowledge and security available to everyone.

“Share, be transparent, be forthcoming. I know there are a lot of conversations about gatekeeping in cybersecurity, but there shouldn't be that. I understand there's grit and determination and hard work to do all the things that you're doing, but be friendly and be transparent and honest.”

----------

Links:

Check out our guest, John Hammond, on YouTube and LinkedIn.

Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.

Follow Ron Eddings on Twitter and LinkedIn.

Catch up with Chris Cochran on Twitter and LinkedIn.

Continue the conversation by joining our Discord.

Avsnitt(404)

Cybersecurity Meets AI: The Good, The Bad & The Janky

Cybersecurity Meets AI: The Good, The Bad & The Janky

There’s no doubt that AI is changing the game in cybersecurity, but not always in the ways we expect. In this episode, Ron Eddings shares his firsthand experience with AI-powered tools that make him a cyber superhero—when they work. From automating security tasks to turbocharging programming workflows, AI is proving its value, but also revealing its limits. Through live walkthroughs and real-world examples, he showcases how AI automates security tasks, accelerates programming, and enhances research—while also showing why some cybersecurity actions should stay human-led.   Impactful Moments: 00:00 - Introduction 02:00 - The good and bad of AI in security 04:00 - Google’s AI weapons controversy 06:30 - Deepfake scams and AI-powered phishing 09:00 - How AI helps (and fails) at programming 12:00 - Automating security research with AI 18:00 - AI-generated meeting notes & productivity hacks 21:00 - What AI should NEVER do 23:00 - The future of AI in cybersecurity   Links: Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

13 Feb 22min

A Human-Centric Approach to Cybersecurity with Edna Conway

A Human-Centric Approach to Cybersecurity with Edna Conway

What if cybersecurity was more than just tech—what if it was about the people it serves? In this episode, Edna Conway, Founder and CEO of EMC Advisors, shares her incredible journey from law to cybersecurity and explores the human element often overlooked in technology.  Recorded live at InfoSec Nashville 2024, Edna discusses the intersection of innovation and tradition, the critical role of accuracy in AI, and her vision for cybersecurity's future. From anomaly detection to the wisdom of creating "enclaves," her insights remind us that tech is here to serve people, not the other way around.   Impactful Moments: 00:00 – Introduction 01:22 – Keynote insights: Innovation meets tradition 02:39 – From prosecutor to cybersecurity leader 07:00 – Human-first approach to AI and security 11:40 – LLMs in cybersecurity: opportunities and accuracy 16:34 – Balancing risk with AI use in business 23:06 – Bringing diverse talent into cybersecurity 32:30 – Advice on leadership and collaboration   Links: Connect with our guest, Edna Conway: https://www.linkedin.com/in/ednaconway/ Learn more about ISSA Middle TN here: https://issamidtn.org/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

4 Feb 35min

Rise of the Machines: Why Your Attack Surface Has More Holes Than You Think ft Pandian Gnanaprakasam

Rise of the Machines: Why Your Attack Surface Has More Holes Than You Think ft Pandian Gnanaprakasam

Did you know nearly half of your enterprise devices are agentless—leaving your attack surface wide open? In this episode, Ron is joined by Pandian Gnanaprakasam, Co-Founder and Chief Product Officer at Ordr, to discuss the critical risks posed by agentless devices and how orchestration can strengthen your defenses. Pandian shares key findings from Ordr’s 2024 "Rise of the Machines" report, highlighting the risks of overlooked agentless devices. He covers the rapid growth of these devices, strategies to manage vulnerabilities, and how automation can strengthen your defenses.   Impactful Moments: 00:00 - Introduction 04:15 - Why agentless devices dominate the next decade 06:30 - Insights from Ordr's “Rise of the Machines” report 08:50 - Hidden risks: 42% of devices are agentless 11:15 - Solving the "Swiss cheese" problem of security gaps 14:30 - Prioritizing vulnerabilities with business context 18:10 - Orchestration vs. automation: The harmony difference 22:00 - Why visibility is the foundation of security 27:30 - Ordr’s unique approach to securing the attack surface Links: Connect with our guest, Pandian Gnanaprakasam: https://www.linkedin.com/in/gpandian/ Check out Ordr’s Rise of the Machines report here: https://ordr.net/resources/rise-of-the-machines-report-2024 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

28 Jan 38min

How a Game Turned a Watchmaker into a Cybersecurity Pro with Simeon Kakpovi

How a Game Turned a Watchmaker into a Cybersecurity Pro with Simeon Kakpovi

What if cybersecurity training could be as engaging as your favorite game? In this episode, Simeon Kakpovi, founder of the KC7 Foundation, shares how his gamified approach is changing lives and reshaping the cybersecurity pipeline by making cybersecurity education accessible.  From his journey as a threat hunter to building a free online game that teaches real-world blue team skills, Simeon joins Ron to show how creativity and inclusion can unlock potential in unexpected places. Plus, listen to the remarkable story about how a watchmaker with no cyber background landed a dream job at Microsoft—all thanks to KC7.   Impactful Moments 00:00 - Introduction 01:11 - The evolution of cybersecurity 03:03 - Cybersecurity Mergers & Acquisitions 05:38 - Meet our guest: Simeon Kakpovi of KC7 Foundation 06:00 - KC7 wins “Team of the Year” at the SANS DMAs 8:43 - Founding the KC7 Foundation 10:00 - Lessons from Lockheed Martin’s Cyber Analyst Challenge 11:46 - How KC7 gamifies real-world cybersecurity 14:52 - Bringing KC7 to high school and middle school students 16:52 - Expanding access to cybersecurity careers 25:09 - A watchmaker’s journey to Microsoft 34:00 - How to get started with KC7     Links Connect with our guest, Simeon Kakpovi on LinkedIn: https://www.linkedin.com/in/kakpovi/ Check out the Cybersecurity M&A Roundup Article here: https://www.securityweek.com/cybersecurity-ma-roundup-37-deals-announced-in-december-2024/ Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

22 Jan 35min

Managing and Mitigating Cyber Risks For Your Assets with Jerich Beason and Wes Wright

Managing and Mitigating Cyber Risks For Your Assets with Jerich Beason and Wes Wright

What’s the key to mitigating unseen cyber risks? In this episode, Wes Wright, Chief Healthcare Officer at Ordr and Jerich Beason, CISO at WM uncover the complexities of attack surface management (ASM) and its impact on cybersecurity.  Together with Ron, they explain what constitutes an attack surface and introduce practical frameworks like See-Know-Secure, emphasizing the need for complete visibility and data-driven risk mitigation.  Impactful Moment: 00:00 - Introduction 03:00 - Defining attack surface management 06:13 - See-Know-Secure framework  09:05 - Analogies for explaining ASM to stakeholders 15:33 - Building an inventory for asset visibility 20:42 - Convincing leadership: Budget strategies 25:00 - Tools and methodologies for ASM 36:57 - Managed services vs. in-house approaches 43:00 - Starting your ASM journey   Links: Connect with our guests – Wes Wright: https://www.linkedin.com/in/4kidwes/ Jerich Beason: https://www.linkedin.com/in/jerich-beason/ Learn more about Ordr: https://ordr.net/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

14 Jan 44min

The Year of the Agent: AI, Bug Bounties, and Cybersecurity Insights with Marco Figueroa

The Year of the Agent: AI, Bug Bounties, and Cybersecurity Insights with Marco Figueroa

How will AI redefine cybersecurity in 2025? According to Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty Program, this year is set to be the "Year of the Agent," where AI systems and integrations take a central role.  In this special New Year bonus episode, Ron sits down with Marco to discuss the transformative role of AI in solving cybersecurity challenges. Marco breaks down AI jailbreak techniques, the impact of bug bounty programs on securing AI systems, and why 2025’s fast-evolving tech landscape demands creative thinking. Learn how tools like ChatGPT and Gemini 2.0 are reshaping the industry and why staying adaptable is essential.   Impactful Moments: 00:00 - Introduction 02:14 - Speed vs. safety: AI system challenges 05:30 - Why experience matters more than information 07:45 - Legal stakes for deepfakes and AI 18:36 - Marco’s creative journey in cybersecurity 28:00 - Jailbreaks: Risks and surprising AI findings 37:13 - 2025 predictions: The rise of agents 41:00 - Closing thoughts and the power of community Links: Connect with our guest, Marco Figueroa: https://www.linkedin.com/in/marco-figueroa-re/ Chuck Brooks' 2025 Cybersecurity Predictions article: https://www.forbes.com/sites/chuckbrooks/2024/12/24/cybersecurity-trends-and-priorities-to-watch-for-2025/ Focus Areas for the FaccT Conference News: https://facctconference.org/2025/focusareas “Unreasonable Hospitality” by Will Guidara Book Link: https://www.amazon.com/Unreasonable-Hospitality-Remarkable-Giving-People/dp/0593418573 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

10 Jan 41min

Understanding the Psychology of Cyber Risk with David Shipley

Understanding the Psychology of Cyber Risk with David Shipley

Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and neuroscience reshape how we approach security awareness, reducing risks in ways tech alone never could. In this episode, Ron and David examine why people, not technology, are at the core of effective cybersecurity. David teaches us about the SCARF model, warns us about the dangers of overconfidence in training, and explains how gamification can drive meaningful behavior change when it comes to cybersecurity awareness and risk reduction.    Impactful Moments: 00:00 – Introduction 02:00 – David Shipley’s journey from journalist to cybersecurity leader 06:10 – Why motivation outshines knowledge in security training 08:20 – The Dunning-Kruger effect: Overconfidence in cybersecurity 11:17 – How overreliance on tech increases click rates 17:03 – Cybercriminals’ evolving tactics and emotional manipulation 25:00 – Gamification in cybersecurity: Changing security behaviors 30:56 – Using the SCARF model to enhance security culture 39:45 – Emotional intelligence as a defense against AI threats Links: Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/ Learn more about Beauceron Security here: www.beauceronsecurity.com/partner   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

7 Jan 44min

From Landscaping to Cyber Leadership with Cole Lisko

From Landscaping to Cyber Leadership with Cole Lisko

How does a scorching July day in a van with no air conditioning lead to a career at one of the world’s top cybersecurity companies? In this episode, Cole Lisko shares his journey from landscaping to becoming the Cortex Team Manager at Palo Alto Networks.  Joined by his bestie Cole, Ron weaves the conversation through their history of friendship with laughs and lessons learned along the way. Discussing career pivots, unexpected opportunities, and the impact of mentorship, this conversation offers relatable motivation and a candid look at the power of meaningful connections.   Impactful Moments: 00:00 - Introduction 03:00 - Cole’s first exposure to cybersecurity 06:30 - Pivotal moment: a call for mentorship 11:40 - Breaking into cleared work 18:30 - Lessons learned at Booz Allen 22:00 - The art of work-life compartmentalization 27:45 - Leadership insights from landscaping days 32:50 - What’s next for Cole at Palo Alto Networks Links: Connect with our guest, Cole Lisko: https://www.linkedin.com/in/matthewlisko/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

24 Dec 202434min

Populärt inom Utbildning

historiepodden-se
rss-bara-en-till-om-missbruk-medberoende-2
det-skaver
alska-oss
nu-blir-det-historia
harrisons-dramatiska-historia
sektledare
johannes-hansen-podcast
roda-vita-rosen
rss-sjalsligt-avkladd
allt-du-velat-veta
polisutbildningspodden
not-fanny-anymore
rss-max-tant-med-max-villman
rss-makabert
sa-in-i-sjalen
rss-npf-podden
sektpodden
rss-basta-livet
rss-om-vi-ska-vara-arliga