How He Became a Penetration Tester (With No Degree)

[00:00:00] But I passed the OSCP, posted about it on LinkedIn. That post for some reason went mega viral. I think it had like 300,000 impressions, probably like 2,000 comments. And then so I don't know why it went viral, probably because I've been posting about, you know, my studies with the OSCP and all that at the time. And then eventually I posted that I passed. Recruiters kind of hit me up from there. And then that's when I ended up getting my first role.

[00:00:23] Today's guest is Taddy, Penetration Tester and Ethical Hacker who broke into this industry without completing a degree. He is also a creator on YouTube with a growing following.

[00:00:35] This is the first episode on the Tech Certified Podcast that we're talking to someone in cybersecurity from the offensive side. The first red teamer on the show.

[00:00:44] Taddy shares an incredible journey of becoming a pen tester and also shares an incredible roadmap for others to do the same.

[00:00:52] In this video, you will learn what a penetration tester is or what an ethical hacker is. You will receive a roadmap of courses and training that one can use to become a penetration tester.

[00:01:03] And you will also hear about Taddy's incredible story of getting to where he is now without completing his degree.

[00:01:11] But before we get into this episode, there's one thing that I must continue to mention. This channel is growing at a steady pace, which is amazing.

[00:01:19] There's so much more that we could do if you like this video and subscribe to the channel.

[00:01:25] You liking, subscribing and commenting on the various videos on the podcast will help us to grow and continue to bring on amazing guests to this podcast.

[00:01:34] Now let's get right into this episode.

[00:01:41] Honestly, this is the first conversation that we've had on the channel that is from the offensive side.

[00:01:50] We've interviewed loads of people, you know, talking about the defensive side of cybersecurity, the blue teamers.

[00:01:56] And this is the first conversation that we're going to be having speaking a little bit more about the red team side of cybersecurity.

[00:02:06] Yeah.

[00:02:08] Of course.

[00:02:09] So to start off, let's just get an introduction to you, man.

[00:02:13] Tell us a little bit about yourself.

[00:02:15] Well, thanks again for having me.

[00:02:17] My name is Tadi, T-A-D-I, short for Tadi Wanache.

[00:02:21] I'm originally from Zimbabwe, a small country in Southern Africa.

[00:02:25] Born and raised.

[00:02:26] I moved to the U.S. when I was 20.

[00:02:29] Been in Texas for about three years now.

[00:02:33] That's kind of my story, kind of the background.

[00:02:36] We can get a bit more into the weeds if you want me to.

[00:02:39] Yeah.

[00:02:39] Yeah.

[00:02:40] Don't worry about it because we're going to dive in later in this episode.

[00:02:44] So to start off, let's get a little bit more of an understanding of what a pen tester is, what a penetration tester is.

[00:02:53] And I guess what ethical hacking is, because I feel like there are a lot of people who see cybersecurity as this one thing.

[00:03:02] Yeah.

[00:03:03] As being a security engineer, a SOC analyst, detecting threats or whatever they've seen, you know, especially for people who haven't gotten into the industry yet.

[00:03:12] So can you give a description of what a penetration tester is?

[00:03:17] Yes.

[00:03:18] So penetration tester, people use this term interchangeably with words like ethical hacker or red teamer or offensive engineer.

[00:03:27] People kind of just throw those words around.

[00:03:29] And usually they mean the same thing.

[00:03:31] What we do is hacking generally legally before the bad guys do it.

[00:03:37] So we're conducting controlled assessments on either web applications, mobile applications, whatever you can call an application.

[00:03:44] Some people do physical pen tests, which is the hacking you see in the movies where they're trying to dress up like someone from AT&T, break into a building, lockpick, clone badges.

[00:03:55] Some people do endpoint security, which is just, you know, messing with endpoints.

[00:04:01] There's a whole bunch of things when it comes to pen testing.

[00:04:04] So within that, you can choose, you know, whatever specialty you want to.

[00:04:09] I specialize in application security.

[00:04:13] So web, mobile, cloud stuff is what I do for the most part.

[00:04:17] But the company and web for right now kind of has everything to offer.

[00:04:22] So I'm kind of touching other areas as well just to explore and see where my interests may lie if they do lie there.

[00:04:30] And then eventually I will pick a path to specialize in.

[00:04:33] But for the most part, it is just hacking, trying to find vulnerabilities, reporting them before the bad guys do it.

[00:04:39] And that sounds super interesting.

[00:04:40] And I know there are a lot of people who are really interested in hacking, ethical hacking, of course.

[00:04:46] And I wanted to, you know, understand a little bit more about why you chose this path, why you chose to go down the offensive route of cybersecurity and why you chose to become penetration tester.

[00:04:59] For me, for the longest time, I actually just realized this a few weeks ago.

[00:05:05] So my father, he kind of lived vicariously through me and my siblings for a while.

[00:05:11] I always wanted to be an engineer when I was younger because he wanted to be an engineer, but he ended up going into accounting.

[00:05:16] So I realized at some point that that wasn't actually what I wanted.

[00:05:20] What's what he wanted and what he pushed on me, even though I did like it.

[00:05:25] I kind of just grew out of it at some point.

[00:05:27] And then I wanted to do computer science.

[00:05:29] I used to see my younger brother code and like hack games and all that stuff.

[00:05:35] So I was like, oh, this is cool.

[00:05:36] And then I got into computer science, went to college for a year in South Africa, the University of Cape Town.

[00:05:42] Shout out UCT.

[00:05:44] Did computer science.

[00:05:45] And then that's when I ended up moving to the US.

[00:05:47] But in between that, I had developed.

[00:05:52] I had volunteered to develop a mobile application for my school for hymns.

[00:05:58] Right.

[00:05:58] We had hymn books in the chapel.

[00:06:01] They were getting worn out.

[00:06:03] So the music teacher was like, does anyone know how to write code?

[00:06:06] Can you write an app?

[00:06:07] And I was like, I think I can.

[00:06:09] But it turned out to be very insecure.

[00:06:12] I talked to my IT teacher and he's like, you kind of need to fix this.

[00:06:15] Otherwise, you know, we'll get hacked.

[00:06:17] And so that's kind of how I ended up getting into security because I'm like, what do you mean we'll get hacked?

[00:06:22] Right.

[00:06:22] It was kind of interesting that, you know, someone could actually break into the school's infrastructure because of me.

[00:06:30] And so that's kind of how I fell into that as I was trying to secure that mobile application.

[00:06:34] Ended up bumping into the likes of, you know, John Hammond, one of the more well-known security guys.

[00:06:40] IPSEC, ETC.

[00:06:41] And I kind of just fell in love with the hacking side of things.

[00:06:44] I did try to look at the blue team side.

[00:06:45] People usually say it's easier to get a job.

[00:06:47] And obviously everyone wants to, you know, find work.

[00:06:52] But I didn't find it as interesting as the hacking.

[00:06:55] Just the dopamine hit you get from popping a shell or, you know, finding a vulnerability.

[00:07:02] I think that's very interesting because a lot of work goes into that.

[00:07:05] And then you finally get rewarded when you find something.

[00:07:09] Super interesting, man.

[00:07:10] And one thing I found interesting and I've heard it from, you know, different people before is like the path that your parents choose for you.

[00:07:22] I'm glad that you figured out your own path because, you know, you said your father wanted you to go down the route of engineering.

[00:07:30] Like, is that like mechanical or like civil?

[00:07:33] It was mechanical.

[00:07:34] That type of.

[00:07:35] Exactly.

[00:07:35] So, like, I'm glad you found your own path before going down the thing that maybe is not really.

[00:07:44] You wouldn't be as passionate about.

[00:07:46] Yeah, it wasn't necessarily like he was trying to force me into it.

[00:07:49] It was just more like suggestions.

[00:07:51] Oh, you should do this.

[00:07:52] This would be interesting.

[00:07:53] This is more interesting.

[00:07:54] You probably make more doing this ETC.

[00:07:56] But it wasn't like he was like forcing me or he told me that he would, you know, shun me if I didn't become an engineer.

[00:08:04] No, he was like, you know, suggestions.

[00:08:07] You can do whatever.

[00:08:08] And then eventually I found computer science and cybersecurity on my own.

[00:08:13] Of course.

[00:08:14] Of course.

[00:08:14] And when you spoke about the defensive and offensive side of cybersecurity and you like finding the defensive boring and finding the offensive, you know, getting that hit, getting that.

[00:08:26] Oh, I just found something.

[00:08:28] I just got into somewhere.

[00:08:29] I just hacked something.

[00:08:30] Yeah.

[00:08:30] And that is obviously to people on the outside, even people on defensive, like this is super interesting.

[00:08:35] Like these people are literally what they're doing is really cool.

[00:08:39] It's really interesting.

[00:08:40] I could say that for myself.

[00:08:41] I look at like pen testing ethical hackers.

[00:08:44] I'm like, wow, like that takes a level of skill and understanding of a certain of a certain thing and method of breaking into something I've just built.

[00:08:58] Like I could, you know, create some sort of solution or implement something on a project.

[00:09:04] And then after I've done something and set something up, we bring in a penetration tester to literally try and break down what I've just built, which is super cool.

[00:09:17] And I want to understand what are the key skills required to become a pen tester?

[00:09:24] Like what do you actually have to know and understand at the foundation to do what you do?

[00:09:30] Like I said before, there's a lot of aspects or specializations within pen testing.

[00:09:36] So I think the first thing before you even, you know, think about which skills to learn is find out what aspects you may be interested in, whether it be, you know, application security, active directory or enterprise security, physical pen testing, endpoint security, hardware security, whatever the case may be.

[00:09:55] Look through that and then that'll kind of just determine the skills.

[00:09:58] But basically curiosity is one thing I think you really need.

[00:10:04] You want to tinker, try new things, maybe some creativity.

[00:10:08] But in terms of what I do, which is application security, I would say you need to know how to read and write code for the most part.

[00:10:16] Maybe not too much of writing code in the beginning, but definitely reading and looking at code is essential.

[00:10:23] You need to know your Linux fundamentals, Windows fundamentals as well.

[00:10:30] And just networking.

[00:10:32] I think networking is important for everything in cybersecurity for the most part, actually.

[00:10:40] So that stuff, the basic stuff, I would say.

[00:10:44] But then also if you then venture into, you know, hardware security or whatever, you need to know a bunch of different stuff.

[00:10:52] So it kind of really just depends on what exactly you want to do.

[00:10:56] But for application security, that's what I would say would be the fundamentals.

[00:11:01] Networking, knowing your OSI models, HTTP, that sort of stuff.

[00:11:08] And I think it's really good that a lot of these foundations are the same foundations for a lot of other stuff.

[00:11:16] Like, I think about cloud.

[00:11:17] I'm like, all right.

[00:11:19] Oh, well, infrastructure, the infrastructure side of cloud.

[00:11:22] And I think, okay, yeah, you've got to understand your operating systems, you know, Linux and Windows especially.

[00:11:29] You've got to understand networking to a certain extent, to a certain level.

[00:11:35] And it would be the same for a lot of defensive roles.

[00:11:38] And the good thing about that is once you get those foundations, you can figure out, okay, what do I actually want to do from there?

[00:11:46] So regardless of, you know, what area you're trying to break into, there's a certain foundation that would be great for you.

[00:11:56] And it's not for everything, of course.

[00:11:57] Because, like, obviously in cyber, there's loads of roles, like, you think about GRC roles, you think about, like, auditing that don't require much or any technical ability in terms of, you know, coding or configuration or understanding networking protocols and that sort of thing.

[00:12:17] But a lot of the things at the base level, the understanding is transferable with different roles, which I find really cool.

[00:12:28] For sure.

[00:12:28] And then I think there's a more, there's a side of cybersecurity or hacking at least that's not very much explored or talked about.

[00:12:37] That is usually more interesting to the introverts.

[00:12:41] I mean, extroverts, rather, which is people that end up doing physical pentesting, social engineering, fishing campaigns, etc.

[00:12:48] That usually doesn't get talked about, but it is out there.

[00:12:51] So if you are like an extrovert and you like talking to people, you know, you could venture into that, learn how to lockpick, learn how to social engineer.

[00:13:00] There's a very good book that came out a while ago for social engineering.

[00:13:05] I'm not sure what the name is anymore, but we could probably put it in the description.

[00:13:08] I'll send it to you.

[00:13:10] But for those type of people, you could explore that as well.

[00:13:13] You know, learn how to lie to people, which is only for the job, not like actually, but, you know, social engineering and all that stuff.

[00:13:23] Amazing.

[00:13:23] And this is actually super interesting because I never considered, like, you know, the phishing tests a part of offensive security.

[00:13:34] But now that you mention it, it really is.

[00:13:37] It's trying to, you know, break in to the system through speaking to people, through social engineering, like you said.

[00:13:47] And I mean, I've been a part of, you know, phishing tests in different roles and, you know, creating something to sort of deceive my own employees into, you know, clicking a link or putting in their password into something.

[00:14:03] Yeah.

[00:14:03] I never considered that offensive security.

[00:14:05] But now it's like, wow.

[00:14:08] Okay.

[00:14:09] I have been on the offensive side.

[00:14:11] You probably touched on it before.

[00:14:13] But yeah, there's some red teams and some companies that specifically specialize in that sort of thing.

[00:14:19] So it's out there yet to be explored, talked about, because usually people, when they talk about ethical hacking or pen testing, they just talk about enterprise security, which is active directory and bug bounty, which is mostly web hacking.

[00:14:32] And then, you know, they leave all these other things out that, you know, need people that need exploring, that need talent.

[00:14:39] So.

[00:14:40] Really cool.

[00:14:42] And I think what we can, what we should do now is dive into the learning roadmap to get into this role.

[00:14:52] Yeah.

[00:14:52] You know, of course, as someone as yourself, who's gone on this path and gotten into this industry and, you know, learned this stuff through your various, you know, study methods and university and courses and whatever the case.

[00:15:10] It would be great for you to, you know, lay down sort of a roadmap, the things you need to learn and understand to get to the point of, you know, becoming a pen tester or an ethical hacker in general, whichever way you put it.

[00:15:24] Yeah.

[00:15:24] And I suppose, you know, you could say, you know, what courses, what certs or what sort of training you'd need to get into this role or become a penetration tester.

[00:15:36] Yeah.

[00:15:37] Yeah.

[00:15:37] So if you had asked me this question a while ago, it would have been different.

[00:15:42] Let me give a bit of background.

[00:15:44] I moved to the US in 2021, actually 2021, I'm getting confused, but I had only done a year of college in computer science at the University of Cape Town.

[00:15:54] School here in the US is expensive, so I didn't want to go back to school.

[00:15:57] So I gave myself a year just to try out different things, certifications, labs, build a home lab, do some CTFs, ETC, and then try to get a job by adding those things to my resume.

[00:16:09] I also started a YouTube channel at the time just so I could be seen more, posted on LinkedIn quite a bit.

[00:16:17] And then my year ended.

[00:16:18] The time was up.

[00:16:19] I needed to go back to school because I hadn't found a job.

[00:16:22] But as soon as I started my first semester here in the US to continue school, I ended up getting a job because I passed the OACP, which was one of the certifications I took, which was great at the time.

[00:16:35] I don't know how it is doing now.

[00:16:36] There's a lot of controversy with like OACP plus, OACP getting acquired, which, you know, it's a whole different can of worms.

[00:16:43] But I passed the OACP, posted about it on LinkedIn.

[00:16:47] That post, for some reason, went mega viral.

[00:16:50] I think it had like 300,000 impressions, probably like 2,000 comments.

[00:16:55] And then so I don't know why it went viral, probably because I've been posting about, you know, my studies with the OACP and all that at the time.

[00:17:03] And then eventually I posted that it passed.

[00:17:06] So recruiters kind of hit me up from there.

[00:17:09] And then that's when I ended up getting my first role.

[00:17:12] But now that I've been working for close to three years now, I would say things have changed and I have a different answer.

[00:17:23] But generally, if you ask me how someone would get into what I do specifically, I would say research, publish actionable research, contribute to open source tooling.

[00:17:38] There's a lot of companies that produce tools.

[00:17:41] You could contribute to those because they are open source.

[00:17:44] They are on GitHub.

[00:17:45] I know there's tools like Scout Suite by NCC Group.

[00:17:51] Project Discovery releases a bunch of stuff.

[00:17:53] You could push updates if you want to.

[00:17:54] So I would say do those things because they would get you noticed quickly.

[00:18:00] But if you're starting from zero and you don't even know how to code, you don't even know what the terminal is in Linux, I would say start on TryHackMe.

[00:18:10] I think it's the best value for people.

[00:18:14] For anyone that's starting from zero.

[00:18:16] Generally, TryHackMe would be the best value.

[00:18:20] People usually talk about Hack the Box and all that stuff, but I think Hack the Box would be jumping the gun a little bit.

[00:18:26] I think it's a bit more for people that know a bit more than the person starting out.

[00:18:32] So TryHackMe, do labs like Portswinger.

[00:18:35] Absolutely amazing labs.

[00:18:37] Absolutely amazing research.

[00:18:38] And it is free.

[00:18:40] Portswinger is free.

[00:18:40] TryHackMe is like $14 a month, I think.

[00:18:44] Could be a little less in pounds.

[00:18:47] And then, you know, from there, you could do things like TCM security.

[00:18:51] They have affordable courses.

[00:18:52] You could do the bug bounty course.

[00:18:54] You could do the practical web application penetration testing course.

[00:18:59] That also comes with a certification if you pass that.

[00:19:02] And then maybe at that point, you know a few things.

[00:19:05] You know actually how to, you know, navigate your way through an application.

[00:19:08] You could then try to get into bug bounty and follow creators that do bug bounty.

[00:19:14] Generally, even if you don't do bug bounty or you don't want to get into it.

[00:19:18] Because usually some people, you know, either love it or hate it.

[00:19:21] I don't think there's an in-between with bug bounty.

[00:19:23] Even if you don't like it, I would say follow bug bounty creators in this space.

[00:19:29] People that post about bug bounty.

[00:19:31] People that make money and do it full time.

[00:19:34] Those people are the best web application hackers.

[00:19:37] The best mobile application hackers on the planet.

[00:19:39] I had a few guys on my team at my previous role.

[00:19:44] I could look at an application and find one or two things.

[00:19:47] And they find 10 more things on top of that.

[00:19:50] So following them, learning from them.

[00:19:53] Even if you don't necessarily do bug bounty.

[00:19:55] I think would be a good option.

[00:19:58] And at some point, you want to add code review to your skill set.

[00:20:02] Like I said, looking at code, writing code to potentially build your own tools eventually.

[00:20:09] But code review is important.

[00:20:11] If you get a white box test, which is where you get access to the application.

[00:20:16] You can look at the code.

[00:20:17] Get users, ETC.

[00:20:19] You need to learn.

[00:20:20] Or at least you need to know how to read the code.

[00:20:23] So that's usually the path I would take.

[00:20:25] This is more like a condensed version of it.

[00:20:29] But I do have a newsletter.

[00:20:31] It's called Navigating Security.

[00:20:33] NavigatingSecurity.net.

[00:20:34] I have the whole roadmap lined out.

[00:20:36] I wrote it a few weeks ago.

[00:20:38] Goes into more depth.

[00:20:40] Has links to everything that I mentioned and more.

[00:20:44] People can check it out if they want to.

[00:20:46] But that's how I would say get started now.

[00:20:49] But if you're not starting from zero, if you're pivoting from something else,

[00:20:53] I would say get into research.

[00:20:55] Post about stuff you're finding.

[00:20:58] There's a lot of research opportunities in security.

[00:21:02] So I know I usually have problems.

[00:21:04] And I just write them down.

[00:21:05] And those are all the research opportunities.

[00:21:07] I think I could post it at some point.

[00:21:09] Or I'll give it to you.

[00:21:10] And you can show it on screen.

[00:21:11] Where I bump into a problem.

[00:21:14] And I'm like, there's no research for this.

[00:21:16] And then I just note it down.

[00:21:17] Maybe at some point I can circle back.

[00:21:19] And look into it.

[00:21:20] Post about it.

[00:21:21] Maybe give a talk.

[00:21:22] If I want to.

[00:21:27] Or contribute to open source.

[00:21:29] Like I said.

[00:21:30] That's if you're not coming from zero.

[00:21:33] And you already know how to code.

[00:21:34] You already know what some of this stuff is.

[00:21:36] Maybe you're pivoting from cloud.

[00:21:38] Or an IT background.

[00:21:40] I think that's a decent pathway.

[00:21:46] Amazing.

[00:21:47] Amazing.

[00:21:47] Amazing.

[00:21:47] And that's a really good.

[00:21:50] I think this interview so far has really demystified to a lot of people who are trying to get to this point.

[00:21:59] Getting into offensive security.

[00:22:01] Getting into pentesting.

[00:22:02] Yeah.

[00:22:02] This has really demystified the role of a penetration tester.

[00:22:07] And how to get there.

[00:22:09] I think it's super helpful to understand a lot of these things.

[00:22:16] But it's even more helpful to understand how to get started as a beginner.

[00:22:23] Because a lot of people definitely look at roles and look at things and look at the requirements for things they need to know and understand the thing.

[00:22:31] How do I even get started with this thing?

[00:22:34] Like it's so crazy.

[00:22:36] It seems so impossible.

[00:22:37] What course do I start with?

[00:22:38] What training do I do?

[00:22:40] What do I.

[00:22:40] All this kind of stuff.

[00:22:42] And it seems really overwhelming when you look at it.

[00:22:44] But.

[00:22:45] Yep.

[00:22:45] What you've given is a good place for someone who wants to go on this path to get started.

[00:22:53] And an amazing way to do that.

[00:22:56] I'll say this as well.

[00:22:58] I didn't necessarily.

[00:23:00] I did go to college.

[00:23:01] I didn't finish.

[00:23:02] So I'm considered a dropout.

[00:23:04] I probably will finish at some point.

[00:23:05] Because in the future some of the companies I want to work for would require me to have a degree I think.

[00:23:11] So I will finish at some point.

[00:23:12] But if you wanted to do the college route.

[00:23:14] I would say do it.

[00:23:16] Who am I to tell you not to go to college?

[00:23:18] I'm just another guy on the internet.

[00:23:20] But you need to go to a college where they have really good cybersecurity.

[00:23:25] Pathways into the industry.

[00:23:26] I know one of the ones that's usually talked about the most is RIT.

[00:23:30] Which is in New York.

[00:23:31] Absolutely expensive school.

[00:23:33] But you get picked up before you even graduate.

[00:23:36] So that's another pathway.

[00:23:39] If you want to do the college route.

[00:23:40] You just have to go to a good school.

[00:23:43] Even though it is expensive.

[00:23:44] You make that initial sacrifice in the beginning.

[00:23:47] And then it will pay off in the long run.

[00:23:49] Because I know people that went to RIT.

[00:23:51] They have jobs lined up before they even graduate.

[00:23:54] So they have a good program out there.

[00:23:57] So you kind of just have to look for a school like that.

[00:24:00] And then if you want to do certifications.

[00:24:04] Pick your certifications wisely.

[00:24:06] Don't do a certification just because someone else said so.

[00:24:09] If you can't afford it.

[00:24:10] Don't do it.

[00:24:12] I'm not a fan of debt.

[00:24:14] So just borrowing money just so you can take a certification.

[00:24:17] Because a couple of guys on the internet said so.

[00:24:19] Isn't a good idea.

[00:24:20] Evaluate what your needs are.

[00:24:22] And make a decision from that.

[00:24:24] There are some expensive certifications.

[00:24:26] SANS offers courses for like $10,000.

[00:24:28] You don't have to do that.

[00:24:30] There's courses on Udemy.

[00:24:32] There's TCM security.

[00:24:33] Like I said.

[00:24:34] They offer stuff for like $30, $100.

[00:24:37] When you have more money.

[00:24:38] You can start spending a bit more.

[00:24:40] On courses that are like $300, $400, $500.

[00:24:43] If you can afford it.

[00:24:44] Maybe buy a course that's $1,000.

[00:24:46] It's up to you.

[00:24:47] You just evaluate depending on where you're at.

[00:24:50] Where you want to go.

[00:24:51] Does it suit the skill set that you want to build?

[00:24:54] That's super helpful.

[00:24:55] And I'm glad we touched on that.

[00:24:58] Really interesting that you dropped out of university.

[00:25:03] And you can see it going back.

[00:25:05] But even the fact that you left university without a degree.

[00:25:09] You're still able to go forward.

[00:25:12] And get a role in this area.

[00:25:14] Yeah.

[00:25:15] It's pretty interesting.

[00:25:18] I consider myself blessed.

[00:25:20] In a sense.

[00:25:21] Some people try, try, try.

[00:25:23] And then they end up going back to school.

[00:25:25] Before they even get a job.

[00:25:27] Which was kind of where I was at.

[00:25:28] Because I was already in school at the time.

[00:25:30] Like my first semester.

[00:25:31] But I told the company I was working for.

[00:25:34] I will drop out and focus on this.

[00:25:36] As soon as the semester ends.

[00:25:38] And they're like cool.

[00:25:39] Well you know.

[00:25:40] We kind of like you or whatever.

[00:25:42] And then so they hired me.

[00:25:45] But I think it's doable.

[00:25:46] Getting into the industry without a degree.

[00:25:48] You just have to have something to show.

[00:25:51] The people that you want to work for.

[00:25:53] Like I said.

[00:25:54] I've been posting on LinkedIn.

[00:25:55] I've been posting on YouTube.

[00:25:57] So I kind of had that track record of.

[00:25:58] Okay.

[00:25:58] He's doing something at least.

[00:26:00] Even if it's not the most.

[00:26:01] You know.

[00:26:02] Groundbreaking research or whatever.

[00:26:04] He's you know.

[00:26:05] Doing something.

[00:26:06] And he can probably qualify for an entry level role.

[00:26:08] So.

[00:26:10] Putting yourself out there.

[00:26:11] Making yourself known at least.

[00:26:13] Even if you don't necessarily want to start a channel.

[00:26:17] With your face on it.

[00:26:18] I know when I started my channel.

[00:26:19] I didn't have a face.

[00:26:21] Kind of just recording my screen.

[00:26:23] But eventually.

[00:26:24] You know.

[00:26:25] My face.

[00:26:26] So.

[00:26:26] Just start somewhere.

[00:26:27] And you know.

[00:26:28] Do something for yourself.

[00:26:30] One thing I do want to say.

[00:26:31] Is.

[00:26:32] People usually start blogs.

[00:26:33] And do walkthroughs.

[00:26:35] Of like hack the box machines.

[00:26:37] Or like some CTFs.

[00:26:39] Everyone does that.

[00:26:40] You're probably not going to do it better than IPSEC.

[00:26:43] Do something unique.

[00:26:45] If you are going to do that.

[00:26:47] Add some personality to it.

[00:26:49] That you know.

[00:26:49] Makes it distinguishable.

[00:26:51] Don't just make it generic.

[00:26:54] Amazing.

[00:26:55] Great advice.

[00:26:55] And super interesting.

[00:26:58] LinkedIn.

[00:27:00] And.

[00:27:00] How you were able to.

[00:27:02] Get offers.

[00:27:04] From posting on LinkedIn.

[00:27:05] Yeah.

[00:27:05] Like.

[00:27:06] People.

[00:27:08] People don't understand.

[00:27:09] What LinkedIn.

[00:27:11] Could.

[00:27:12] Could be used for.

[00:27:13] Yeah.

[00:27:13] They don't understand the potential.

[00:27:15] That.

[00:27:16] You could get from LinkedIn.

[00:27:17] Some people think.

[00:27:18] Okay.

[00:27:18] Yeah.

[00:27:19] No.

[00:27:19] When I get into the industry.

[00:27:20] I'll start using it.

[00:27:21] Yeah.

[00:27:21] Or.

[00:27:22] You know.

[00:27:23] I can't post.

[00:27:24] Because.

[00:27:25] I'm not working.

[00:27:26] In.

[00:27:27] This area yet.

[00:27:28] I don't have the job yet.

[00:27:29] So me posting is like.

[00:27:30] Nobody cares what I'm going to say.

[00:27:32] This kind of stuff.

[00:27:34] Yeah.

[00:27:34] And so.

[00:27:35] This is just proof.

[00:27:36] Proof.

[00:27:38] I was able to.

[00:27:39] I've got.

[00:27:40] You know.

[00:27:41] Most of my roles.

[00:27:42] Using LinkedIn.

[00:27:44] To apply.

[00:27:45] As well as.

[00:27:45] You know.

[00:27:45] Them just viewing my profile.

[00:27:47] And say.

[00:27:47] Oh.

[00:27:47] You had a great profile.

[00:27:48] I want to drop in.

[00:27:50] Have recruiters.

[00:27:51] You know.

[00:27:51] Reach out.

[00:27:51] And this.

[00:27:52] This kind of stuff.

[00:27:54] But people don't.

[00:27:55] Always understand that.

[00:27:57] And it's really great.

[00:27:58] To hear from someone.

[00:27:58] Who.

[00:27:59] You know.

[00:27:59] Got a job.

[00:28:00] From posting.

[00:28:01] From putting.

[00:28:01] His work.

[00:28:02] And his knowledge.

[00:28:03] Out there.

[00:28:03] And creating a personal brand.

[00:28:05] For himself.

[00:28:07] And the way.

[00:28:08] You've done that.

[00:28:08] With YouTube.

[00:28:09] As well.

[00:28:09] Super impressive.

[00:28:10] Yeah.

[00:28:11] It's pretty cool.

[00:28:11] And that's kind of.

[00:28:12] How we met as well.

[00:28:13] You know.

[00:28:13] You posting your videos.

[00:28:14] For the podcast.

[00:28:15] On LinkedIn.

[00:28:16] You get to build relationships.

[00:28:18] Meet new people.

[00:28:19] Even if they're not.

[00:28:19] Going to offer you a job.

[00:28:21] You know.

[00:28:21] You're building those relationships.

[00:28:22] And eventually.

[00:28:23] You know.

[00:28:24] You can make friends.

[00:28:25] That.

[00:28:25] That's a lifetime.

[00:28:26] Even if it's not for a job.

[00:28:28] So.

[00:28:28] I think there's.

[00:28:29] Various uses to LinkedIn.

[00:28:31] But.

[00:28:31] Those are some of the uses.

[00:28:32] And.

[00:28:33] How it benefited me.

[00:28:34] At least.

[00:28:35] So true.

[00:28:36] So true.

[00:28:36] And that's so cool.

[00:28:37] And.

[00:28:38] Even as I say.

[00:28:39] You know.

[00:28:39] Posting on LinkedIn is great.

[00:28:41] I really like.

[00:28:43] Stopped posting for like.

[00:28:44] So long.

[00:28:45] Yeah.

[00:28:45] And then.

[00:28:45] Like.

[00:28:46] After the podcast.

[00:28:46] I was like.

[00:28:47] Man.

[00:28:48] I should.

[00:28:48] Like.

[00:28:49] I posted about the podcast.

[00:28:50] Maybe like.

[00:28:50] Once or twice.

[00:28:51] I got like.

[00:28:52] Three people reach out to me.

[00:28:54] Like.

[00:28:54] I'm trying.

[00:28:54] I want to be on.

[00:28:55] Like.

[00:28:56] And then I was like.

[00:28:57] Oh.

[00:28:58] Wow.

[00:28:58] Oh.

[00:28:58] And.

[00:28:59] And.

[00:28:59] And these were like.

[00:29:00] You know.

[00:29:00] Other people who were creators as well.

[00:29:02] Yeah.

[00:29:03] And through that.

[00:29:04] I was thinking.

[00:29:05] Wow.

[00:29:05] Um.

[00:29:06] I need to post about this more.

[00:29:08] Um.

[00:29:08] I was actually at.

[00:29:10] A conference.

[00:29:11] Recently.

[00:29:12] Called the UK Black Business Week.

[00:29:14] And.

[00:29:14] Yeah.

[00:29:14] I was listening to.

[00:29:16] Stephen Bartlett.

[00:29:17] Who is.

[00:29:18] You know.

[00:29:19] The.

[00:29:19] The.

[00:29:19] The host of the Diary of the CEO.

[00:29:22] You know.

[00:29:22] Super cool guy.

[00:29:24] Um.

[00:29:24] So many people know him.

[00:29:25] He's interviewed.

[00:29:25] All of the big names.

[00:29:27] And he has one of the fastest growing podcasts ever.

[00:29:30] Yeah.

[00:29:30] And I got to.

[00:29:31] You know.

[00:29:31] Sit and listen to him speak.

[00:29:32] And.

[00:29:38] To promote.

[00:29:39] What they've done.

[00:29:40] To shout about the good work they've done.

[00:29:43] And.

[00:29:44] He spoke about how.

[00:29:46] You're doing a disservice to yourself.

[00:29:48] If.

[00:29:48] You don't speak about the work you're doing.

[00:29:51] For sure.

[00:29:51] And it could be.

[00:29:52] If you're creating.

[00:29:54] Content online.

[00:29:56] Or if you are.

[00:29:58] You know.

[00:29:59] Doing well in your role.

[00:30:00] Or you're doing a new course.

[00:30:01] In.

[00:30:02] Um.

[00:30:03] In cyber security.

[00:30:04] Or cloud.

[00:30:05] And you're not sharing.

[00:30:07] Sharing.

[00:30:07] What you're doing online.

[00:30:09] It's.

[00:30:09] It's.

[00:30:10] It's only a disservice to yourself.

[00:30:11] And no one else.

[00:30:12] Yeah.

[00:30:12] The more you.

[00:30:13] Shout.

[00:30:14] About.

[00:30:14] What you're doing.

[00:30:15] The more people that it can reach.

[00:30:17] And the more people that can see it.

[00:30:18] And LinkedIn is just the perfect way.

[00:30:20] To put.

[00:30:21] That sort of stuff out there.

[00:30:22] Because.

[00:30:23] The people that are looking for it.

[00:30:25] That's where they're going to find it.

[00:30:26] They're going to find it on LinkedIn.

[00:30:27] Yeah.

[00:30:28] Yeah.

[00:30:28] Um.

[00:30:29] I.

[00:30:29] I think that's absolutely true.

[00:30:31] It's a disservice.

[00:30:32] If you're actually.

[00:30:32] You know.

[00:30:33] Doing some actionable stuff.

[00:30:34] Doing.

[00:30:35] You know.

[00:30:35] Upskilling.

[00:30:36] Um.

[00:30:37] And then.

[00:30:37] You don't tell anyone about it.

[00:30:39] How are they supposed to know?

[00:30:40] You know.

[00:30:40] That type of thing.

[00:30:42] And one of my.

[00:30:43] Biggest contentions.

[00:30:44] When I was starting.

[00:30:44] To make content.

[00:30:45] Was the fact that.

[00:30:47] I didn't want my family to know.

[00:30:48] And I didn't want my friends to know.

[00:30:50] Because.

[00:30:50] You know.

[00:30:51] I was afraid.

[00:30:52] What.

[00:30:52] What would they say?

[00:30:53] Or.

[00:30:54] You know.

[00:30:54] Oh.

[00:30:55] He's trying this.

[00:30:55] He's probably going to fail.

[00:30:56] So I kind of just hid it from them.

[00:30:58] Um.

[00:30:59] You know.

[00:30:59] I didn't tell anyone.

[00:31:00] I had a YouTube channel.

[00:31:01] I didn't tell anyone.

[00:31:02] I was posting on LinkedIn.

[00:31:03] Even though some of my friends.

[00:31:05] Ended up finding.

[00:31:06] Uh.

[00:31:06] My LinkedIn.

[00:31:07] At some point.

[00:31:08] They're like.

[00:31:08] You have a whole following.

[00:31:10] And you don't talk about it.

[00:31:12] I'm like.

[00:31:12] Yeah.

[00:31:13] It is what it is.

[00:31:15] So.

[00:31:15] You don't necessarily have to make it.

[00:31:16] Your entire personality.

[00:31:18] For me.

[00:31:18] It's not.

[00:31:19] Um.

[00:31:19] Only people that I end up.

[00:31:21] Meeting around.

[00:31:21] And see.

[00:31:23] Um.

[00:31:23] That they are interested in security.

[00:31:24] Is when I tell them.

[00:31:25] Um.

[00:31:26] You know.

[00:31:26] Oh.

[00:31:26] I.

[00:31:27] Make some content.

[00:31:28] Or whatever.

[00:31:29] But.

[00:31:30] Put yourself out there.

[00:31:31] If you don't want your friends to know.

[00:31:32] They don't have to.

[00:31:33] You know.

[00:31:34] We.

[00:31:34] Are the security people.

[00:31:36] That want to consume your content.

[00:31:37] We will consume it.

[00:31:38] We will become your biggest fan.

[00:31:40] I've met some of the coolest people.

[00:31:42] On the internet.

[00:31:43] Just because they saw.

[00:31:44] Something I posted.

[00:31:45] Which is absolutely crazy to me.

[00:31:46] Someone on the internet.

[00:31:48] Can become your biggest fan.

[00:31:49] Even if they've never met you.

[00:31:51] So.

[00:31:51] You know.

[00:31:51] Put yourself out there.

[00:31:52] Do yourself that service.

[00:31:55] So true.

[00:31:55] So true.

[00:31:56] Uh.

[00:31:56] I really appreciate that as well.

[00:31:58] Um.

[00:31:58] I'm the same.

[00:31:59] Started YouTube.

[00:32:00] I told.

[00:32:01] Three people.

[00:32:02] Had three subscribers.

[00:32:03] When I posted the first video.

[00:32:05] Yeah.

[00:32:06] And.

[00:32:07] Only.

[00:32:08] Like.

[00:32:09] My.

[00:32:10] Real close circle.

[00:32:11] Of like.

[00:32:11] Three or four friends.

[00:32:12] That I told.

[00:32:13] And.

[00:32:14] It was people who were actually.

[00:32:15] Interested in that thing.

[00:32:17] That found that stuff.

[00:32:18] So people I didn't know.

[00:32:19] Who weren't interested.

[00:32:20] Who didn't care.

[00:32:21] Who.

[00:32:22] Found that content.

[00:32:23] And it began to grow from there.

[00:32:24] Now.

[00:32:25] Everyone watching this podcast.

[00:32:27] You guys.

[00:32:28] Have.

[00:32:29] Know me for some reason.

[00:32:30] I'm just someone who works in cloud.

[00:32:33] Like.

[00:32:33] I don't.

[00:32:34] There's nothing.

[00:32:35] Crazy.

[00:32:35] Special about.

[00:32:36] About me or Teddy.

[00:32:37] It's just.

[00:32:38] You know.

[00:32:39] We shouted.

[00:32:40] A little bit about what we did.

[00:32:42] And now.

[00:32:42] For sure.

[00:32:42] You're watching us.

[00:32:43] You're watching us.

[00:32:45] So.

[00:32:45] So.

[00:32:45] Yeah.

[00:32:46] It's just.

[00:32:47] And not necessarily having to.

[00:32:48] You know.

[00:32:49] Start a YouTube channel.

[00:32:50] Or start a podcast.

[00:32:51] But.

[00:32:52] Putting it out there.

[00:32:53] In whichever way.

[00:32:54] Is best for you.

[00:32:55] And.

[00:32:56] I wanted to.

[00:32:57] Sort of move on to.

[00:33:00] We've just launched.

[00:33:01] A free.

[00:33:02] Cloud engineer.

[00:33:03] Assessment.

[00:33:03] To evaluate.

[00:33:04] And assess your current skills.

[00:33:06] On your path.

[00:33:07] To becoming a cloud professional.

[00:33:09] Now.

[00:33:09] When you take this assessment.

[00:33:10] It provides some incredible.

[00:33:12] Recommendations.

[00:33:13] For your path.

[00:33:14] And remember.

[00:33:14] This is completely free.

[00:33:16] It costs you nothing.

[00:33:17] It only helps you.

[00:33:18] On your journey.

[00:33:19] So.

[00:33:19] If this interests you.

[00:33:20] And you are an aspiring.

[00:33:22] Cloud professional.

[00:33:23] Definitely take this assessment.

[00:33:24] I'm going to leave a link to it.

[00:33:26] Here's an example of me.

[00:33:27] Taking it myself.

[00:33:28] And getting some pretty good.

[00:33:29] Recommendations.

[00:33:30] From my own assessment.

[00:33:31] So guys.

[00:33:31] Check this out.

[00:33:32] And I hope this is really helpful.

[00:33:34] Thank you guys for watching.

[00:33:35] And I'll see you guys later.

[00:33:36] The next.

[00:33:37] Question I had for you.

[00:33:39] And.

[00:33:39] Yeah.

[00:33:39] I suppose.

[00:33:40] This is a real.

[00:33:43] Broad question.

[00:33:46] And the question is just.

[00:33:48] What's your story?

[00:33:51] Where did you start this journey?

[00:33:53] And how did you reach where you are now?

[00:33:56] And it's obviously going to be a long story.

[00:33:58] And you've touched on different parts of it.

[00:34:00] Yeah.

[00:34:00] During this episode.

[00:34:02] But you know.

[00:34:03] Tell us.

[00:34:03] What is your story of how you reached where you are?

[00:34:08] How you got here?

[00:34:09] And the main events that happened leading up to where you are?

[00:34:14] Okay.

[00:34:15] Well.

[00:34:15] I would say.

[00:34:17] Like I said.

[00:34:18] I was born and raised in Zimbabwe.

[00:34:19] I grew up there.

[00:34:21] Lived in South Africa for a bit.

[00:34:22] Because my dad moved there for work.

[00:34:25] But.

[00:34:25] I grew up.

[00:34:26] Active.

[00:34:27] Playing sports.

[00:34:28] Kind of just the usual thing.

[00:34:29] I played rugby.

[00:34:30] I swam.

[00:34:31] Did some cricket.

[00:34:33] For a little bit.

[00:34:34] Tried some tennis.

[00:34:35] Didn't really like it.

[00:34:36] But.

[00:34:36] For the most part.

[00:34:38] I.

[00:34:38] I played rugby.

[00:34:39] Swam.

[00:34:39] Absolutely loved it.

[00:34:41] Finished high school.

[00:34:43] COVID hit.

[00:34:44] I didn't really have anything to do.

[00:34:46] Around that time is.

[00:34:46] Just after I had finished developing that mobile app that I talked about.

[00:34:50] So I had already had my introduction to security.

[00:34:52] So 2020 was kind of just doing hack the box and try hack me stuff.

[00:34:56] I have no clue what I was doing at all.

[00:34:59] But it was fun to just stumble and watch videos.

[00:35:02] And see other people do it.

[00:35:04] I know.

[00:35:05] That's kind of around the time.

[00:35:07] IPSEC blew up.

[00:35:08] John Hammond.

[00:35:09] ETC.

[00:35:10] You know.

[00:35:10] Just watching those guys just hack away.

[00:35:12] Even though I have no clue what they were doing.

[00:35:14] It was fun.

[00:35:15] That year.

[00:35:16] Ended up going to college.

[00:35:19] Did computer science.

[00:35:20] I wanted to do a.

[00:35:22] Cybersecurity degree.

[00:35:23] But.

[00:35:24] The university didn't have a.

[00:35:26] Dedicated cybersecurity degree.

[00:35:27] So I.

[00:35:28] You know.

[00:35:29] Settled for computer science.

[00:35:30] Which.

[00:35:30] Is initially settling.

[00:35:32] It's still a good degree.

[00:35:34] Yeah.

[00:35:35] Yeah.

[00:35:35] Did that.

[00:35:36] Learned how to write some code.

[00:35:38] Python.

[00:35:39] Java.

[00:35:39] ETC.

[00:35:40] And then I ended up moving to the US.

[00:35:44] That's kind of.

[00:35:45] A big event.

[00:35:46] I would say.

[00:35:47] Because.

[00:35:48] There's a lot more opportunity for cybersecurity here in the US.

[00:35:51] Than.

[00:35:51] You know.

[00:35:52] In Africa generally.

[00:35:54] So I was like.

[00:35:55] Okay.

[00:35:55] Let's just.

[00:35:56] Dive right in.

[00:35:58] Started doing certifications.

[00:35:59] Certifications.

[00:36:00] I think I did.

[00:36:00] The first certification was the EJPT.

[00:36:03] Which is very good at the time.

[00:36:05] It had just come out.

[00:36:07] Practical examination.

[00:36:08] People were really.

[00:36:09] You know.

[00:36:09] Loving it.

[00:36:10] For that fact.

[00:36:11] That it's not.

[00:36:11] You know.

[00:36:12] A multiple choice.

[00:36:13] Where you kind of just.

[00:36:13] Graham.

[00:36:14] Cram and pass.

[00:36:15] Right.

[00:36:15] So I did that.

[00:36:17] I kind of posted about it.

[00:36:18] I thought it would give me a job.

[00:36:20] But nope.

[00:36:21] Nah.

[00:36:21] No one really cared.

[00:36:23] Even though I was posting about it.

[00:36:24] I was like.

[00:36:24] Okay.

[00:36:25] Maybe.

[00:36:25] What's next.

[00:36:26] And so.

[00:36:26] What's next.

[00:36:27] Was either.

[00:36:28] The OSCP.

[00:36:29] Which was.

[00:36:30] Still very.

[00:36:32] You know.

[00:36:33] Well talked about.

[00:36:34] In the industry.

[00:36:35] Like I said.

[00:36:36] I'm not too sure how it's doing now.

[00:36:37] But.

[00:36:38] At the time I took it.

[00:36:39] It was still up there.

[00:36:42] So it was either the OSCP.

[00:36:44] Or the PNPT.

[00:36:45] That had just come out.

[00:36:46] From TCM security.

[00:36:48] They had.

[00:36:50] Wonderful reviews.

[00:36:51] Everyone was raving about it.

[00:36:52] And it was cheaper.

[00:36:53] So.

[00:36:54] I was like.

[00:36:54] I have no.

[00:36:55] I have no money.

[00:36:56] I work at a grocery store.

[00:36:57] I think I was working at a grocery store.

[00:36:58] At that time.

[00:36:59] Since I just moved there.

[00:37:01] I have no money.

[00:37:03] So I'll do the cheaper certification.

[00:37:04] I did the.

[00:37:05] PNPT.

[00:37:06] I failed.

[00:37:07] Once or twice.

[00:37:10] Which I.

[00:37:10] Posted about.

[00:37:11] And I think that's when.

[00:37:13] Most of.

[00:37:15] My.

[00:37:15] Subscriber base.

[00:37:17] Started growing.

[00:37:18] Because I posted that.

[00:37:19] I failed.

[00:37:20] For some reason.

[00:37:21] People related to that.

[00:37:23] Not just because of the PNPT.

[00:37:25] But like just.

[00:37:26] General.

[00:37:26] Certifications.

[00:37:27] And just.

[00:37:28] Career stuff.

[00:37:30] Usually.

[00:37:31] You see people posting.

[00:37:32] The big wins.

[00:37:33] Oh.

[00:37:33] I made a hundred thousand dollars.

[00:37:34] Through bug bounty.

[00:37:35] Or whatever.

[00:37:36] And here.

[00:37:37] I am posting that.

[00:37:37] I failed the certification.

[00:37:39] People kind of.

[00:37:39] Just you know.

[00:37:40] Related to that.

[00:37:41] Because.

[00:37:42] People fail.

[00:37:43] In a lot of things.

[00:37:44] Especially certifications.

[00:37:46] It's rare that.

[00:37:47] People usually pass.

[00:37:48] You know.

[00:37:49] On their first try.

[00:37:50] So.

[00:37:51] People like that.

[00:37:52] Kind of.

[00:37:53] Subscriber base.

[00:37:53] Started growing from there.

[00:37:55] Ended up redoing the examination.

[00:37:58] Past it.

[00:37:59] Still didn't get a job at the time.

[00:38:02] But.

[00:38:03] Subscribers were growing.

[00:38:04] Following was growing.

[00:38:06] And I was kind of just.

[00:38:06] Working on pushing out content.

[00:38:08] At the time.

[00:38:09] And potentially getting seen.

[00:38:11] By employers.

[00:38:13] That was a really big turning point for me.

[00:38:15] Because I was like.

[00:38:16] Oh.

[00:38:16] This YouTube thing can actually work.

[00:38:19] But at that time.

[00:38:20] I think is when I got demonetized.

[00:38:23] On YouTube.

[00:38:24] For making hacking content.

[00:38:25] Or whatever.

[00:38:25] It was weird.

[00:38:26] So I was like.

[00:38:27] I don't get it.

[00:38:29] So just.

[00:38:31] Am I just supposed to do this?

[00:38:32] And like.

[00:38:32] Not at least.

[00:38:34] Earn.

[00:38:34] Some money from it.

[00:38:36] You know.

[00:38:36] It was kind of just.

[00:38:37] That thought process.

[00:38:38] But I continued making videos.

[00:38:40] I was like.

[00:38:41] I want a job.

[00:38:42] I want to help people.

[00:38:43] Because.

[00:38:44] One thing I do always say.

[00:38:45] Is.

[00:38:46] You know more than.

[00:38:47] Someone else.

[00:38:48] Right.

[00:38:49] If you know how to use Linux.

[00:38:50] You know.

[00:38:50] More than someone who doesn't know how to use Linux.

[00:38:53] So.

[00:38:53] Me posting what I knew.

[00:38:54] I kind of had the feeling that.

[00:38:56] Or at least the idea that.

[00:38:58] You know.

[00:38:58] Someone could learn from this at least.

[00:39:01] You know.

[00:39:02] So.

[00:39:03] I ended up.

[00:39:04] Taking the OSCP.

[00:39:05] Because I couldn't get the job.

[00:39:07] Get a job.

[00:39:08] I hadn't.

[00:39:09] Had any interviews at this point.

[00:39:12] But.

[00:39:13] I decided.

[00:39:13] Let me do the expensive certification.

[00:39:16] Hopefully.

[00:39:17] It'll.

[00:39:18] Help me land a role.

[00:39:19] Which.

[00:39:20] It ended up.

[00:39:20] And when we say.

[00:39:21] Expensive.

[00:39:22] How expensive?

[00:39:23] It was.

[00:39:25] 1600 bucks.

[00:39:25] At the time.

[00:39:28] 1600.

[00:39:29] 1600.

[00:39:29] 1600 dollars.

[00:39:31] So.

[00:39:31] I kind of had to borrow money from my mom.

[00:39:33] She.

[00:39:33] She kind of loaned me money.

[00:39:35] Even though I was working.

[00:39:36] I still couldn't afford it.

[00:39:37] On my own.

[00:39:38] At the time.

[00:39:39] So.

[00:39:39] She loaned me the money.

[00:39:41] She.

[00:39:41] She could see how hard I was working.

[00:39:43] I'd go to work.

[00:39:45] Work.

[00:39:46] 10.

[00:39:47] 12.

[00:39:48] Hour shift.

[00:39:49] Come back.

[00:39:49] Study.

[00:39:50] So she didn't have a problem.

[00:39:52] You know.

[00:39:52] Lending me the money.

[00:39:53] For that.

[00:39:55] And then.

[00:39:56] So.

[00:39:56] I took the certification.

[00:39:58] I mean.

[00:39:59] I took the training.

[00:40:00] It took me about.

[00:40:01] Five.

[00:40:01] Six months to study.

[00:40:02] Up to the exam.

[00:40:03] And then.

[00:40:04] I passed the exam.

[00:40:05] On the first try.

[00:40:06] Which a lot of people don't.

[00:40:08] For the OSCP.

[00:40:09] So.

[00:40:11] Some people say it was impressive.

[00:40:13] I'm kind of just like.

[00:40:14] I really started hard.

[00:40:15] So.

[00:40:16] I expected the outcome.

[00:40:18] Or at least I hoped for it.

[00:40:20] Yeah.

[00:40:20] And it.

[00:40:21] You know.

[00:40:21] It worked out.

[00:40:22] That's when I ended up making the post on LinkedIn.

[00:40:24] Following.

[00:40:25] Every other post I'd made.

[00:40:26] I'd post.

[00:40:27] I've been posting frequently.

[00:40:28] So it's not like.

[00:40:29] I just came on LinkedIn.

[00:40:30] And posted one thing.

[00:40:31] But.

[00:40:32] Because of the trail.

[00:40:33] Of everything else I was posting.

[00:40:35] That post about.

[00:40:36] Passing the OSCP.

[00:40:37] Ended up.

[00:40:37] You know.

[00:40:38] Going viral.

[00:40:39] Or whatever.

[00:40:40] And getting offers from that.

[00:40:42] So that was also another big turning point.

[00:40:45] I had a whole series.

[00:40:46] I still have it on my YouTube channel.

[00:40:48] Of how I was studying.

[00:40:49] What I was learning.

[00:40:51] The challenges I was facing.

[00:40:52] And I think my background in sports.

[00:40:55] Allowed me to keep a decent state mentally.

[00:40:59] You know.

[00:41:00] Just going off for runs.

[00:41:01] Going to the gym.

[00:41:02] ETC.

[00:41:04] Yeah.

[00:41:05] So that was a big turning point.

[00:41:06] Ended up getting a career.

[00:41:07] Industry job.

[00:41:08] Or whatever.

[00:41:09] Starting that.

[00:41:10] As a security engineer.

[00:41:11] At Cirtis.

[00:41:12] Cyber security.

[00:41:13] Small company.

[00:41:14] But they do very good work.

[00:41:16] Loved the team.

[00:41:17] Absolutely loved my manager.

[00:41:19] Shout out Kwethika.

[00:41:20] If you're watching this.

[00:41:22] Yeah.

[00:41:23] But then eventually.

[00:41:24] I think I kind of grew out of that.

[00:41:26] They were kind of pushing me in a direction.

[00:41:27] I didn't want to go necessarily.

[00:41:30] So I.

[00:41:31] You know.

[00:41:32] Branched out.

[00:41:32] Changed roles.

[00:41:34] Another thing was.

[00:41:36] Because of LinkedIn.

[00:41:37] Because I was making content.

[00:41:38] I met this guy called Adam.

[00:41:40] He was also kind of just.

[00:41:42] You know.

[00:41:42] Studying the same stuff I was studying.

[00:41:44] And all that.

[00:41:45] We became friends on Discord.

[00:41:47] Chatted up all the time.

[00:41:49] And eventually.

[00:41:50] He's the one that referred me to the role.

[00:41:51] I'm currently at now.

[00:41:53] So.

[00:41:53] You know.

[00:41:53] Wow.

[00:41:54] Even though.

[00:41:55] We were just friends at the time.

[00:41:56] And all that.

[00:41:57] Making connections on LinkedIn.

[00:41:59] Making connections on Discord.

[00:42:01] We met one time.

[00:42:02] That he was here in Dallas.

[00:42:03] We went to a hockey game.

[00:42:05] And then eventually.

[00:42:06] Now we work together.

[00:42:07] And we're still friends.

[00:42:08] So.

[00:42:09] Wow.

[00:42:09] It's pretty cool.

[00:42:10] Just you know.

[00:42:11] Putting yourself out there.

[00:42:12] Like you already talked about.

[00:42:13] But that's kind of.

[00:42:14] My story.

[00:42:16] Right now.

[00:42:16] Kind of just.

[00:42:17] Stumbling my way through.

[00:42:19] This.

[00:42:20] You know.

[00:42:21] Curve of learning.

[00:42:22] I think I got to a point.

[00:42:23] Where I'm.

[00:42:24] More mid-level.

[00:42:25] In my.

[00:42:26] You know.

[00:42:27] Expertise and work.

[00:42:28] And now I'm just kind of expected to do.

[00:42:30] Everything by myself.

[00:42:31] So I'm kind of still trying to figure out.

[00:42:32] How that usually works.

[00:42:34] Yeah.

[00:42:35] Which is also another big learning curve.

[00:42:36] But I'm up for the challenge.

[00:42:38] You know.

[00:42:39] I do a lot.

[00:42:40] Still outside of security.

[00:42:42] Like I said.

[00:42:42] It's not my entire personality.

[00:42:45] My faith is a big part of my story.

[00:42:47] And my life.

[00:42:48] So spend a lot of time.

[00:42:49] Fellowshiping at church.

[00:42:52] Serving others.

[00:42:53] ETC.

[00:42:53] Go to gym.

[00:42:54] Quite a bit.

[00:42:55] Tried jujitsu for a while.

[00:42:56] Got injured.

[00:42:56] So kind of stopped.

[00:42:57] I've kind of stopped for now.

[00:42:58] But I miss it.

[00:42:59] It's really cool sport.

[00:43:01] Considering I came from.

[00:43:02] A background of rugby.

[00:43:03] Where it's a lot of contact.

[00:43:04] I think I just prefer a contact sports in general.

[00:43:07] So probably be going back to jujitsu.

[00:43:10] And in the spirit of being a Texan.

[00:43:12] I live in Texas.

[00:43:13] I'm kind of getting into shooting as well.

[00:43:15] It's expensive.

[00:43:15] But it's fun.

[00:43:18] Yeah.

[00:43:18] Pretty cool stuff.

[00:43:19] Honestly.

[00:43:21] Sick.

[00:43:21] Sick.

[00:43:22] Sick.

[00:43:22] Amazing, man.

[00:43:22] I really appreciate the vulnerability of your journey.

[00:43:29] Sharing the L's and the wins.

[00:43:33] And it's something that I've tried to do on this channel.

[00:43:38] And for those who've been following long enough.

[00:43:40] They've seen the L's and the W's and everything.

[00:43:44] The struggles.

[00:43:46] The job I was fired from.

[00:43:48] I think one of the most viewed videos on your channel was an L, right?

[00:43:54] Was it?

[00:43:55] Probably not.

[00:43:56] The one I was fired from was like 2000, 1000 or something.

[00:44:01] I can't remember.

[00:44:02] It's a long time ago.

[00:44:04] But yeah.

[00:44:06] Yeah.

[00:44:07] But yeah.

[00:44:08] I try and really share honestly about things going on.

[00:44:15] About how work is going.

[00:44:16] And not just sort of the influencer mindset of flashy, flashy, flashy.

[00:44:22] You know, I make this amount.

[00:44:25] That kind of thing.

[00:44:26] And you know, there are creators out there who glamorize their journey to get more followers

[00:44:33] or to get more of an audience.

[00:44:36] But I appreciate, you know, you sharing the journey from the honest perspective of, you know,

[00:44:43] the challenges and the journey that you're still on.

[00:44:46] Still going.

[00:44:47] Still learning how to do things.

[00:44:49] You know, as you shared with being a mid-level and being learning to do things more independently.

[00:44:56] And so, yeah.

[00:44:58] It's really cool the way you're able to share your journey.

[00:45:01] And also, I have a lot of respect for you really sharing about your faith as well.

[00:45:09] Yeah.

[00:45:10] But I'm also, you know, a believer and a man of faith.

[00:45:13] And, you know, when I've gone on to podcasts recently and even on this podcast, I've shared

[00:45:19] that and been really open and direct about, okay, yeah, this is who Caleb is.

[00:45:23] And the same at work.

[00:45:24] I'm like, this is who Caleb is.

[00:45:26] I believe in God.

[00:45:27] You know, I have a faith.

[00:45:30] I'm a Christian.

[00:45:31] Yeah.

[00:45:31] And I'm not going to pretend not to be and really not being ashamed of, you know, my faith

[00:45:38] wherever I am and sharing what I believe, which is I have a relationship with God now.

[00:45:46] I believe in God.

[00:45:49] Amen.

[00:45:50] So I really appreciate that as well.

[00:45:52] Yeah.

[00:45:52] I think before, if we had this podcast session a few months ago, I probably wouldn't have said

[00:46:00] anything, but I've kind of met people that encourage me to share it more, industry people.

[00:46:06] And I've seen other people do it as well.

[00:46:10] I used to think it would push people away, but in a sense, you actually build more relationships

[00:46:15] that are meaningful because of it.

[00:46:17] Like you said, I didn't know you were a man of faith, but now I do.

[00:46:20] So now we have something more to relate to, you know, that sort of thing.

[00:46:24] So yeah, it is a big part of my life.

[00:46:26] I don't want to shy away from it anymore.

[00:46:28] So yeah.

[00:46:30] Thanks so much, man.

[00:46:32] I appreciate you sharing that.

[00:46:33] And let's dive in to the next question.

[00:46:37] And this is, we're continuing with this on season two.

[00:46:42] I'm not stopping now.

[00:46:43] What's your most interesting career story?

[00:46:46] It could be interesting in a good way.

[00:46:48] Could be interesting in a bad way.

[00:46:50] Maybe something amazing happened.

[00:46:52] You did something great.

[00:46:53] We're rewarded for it or something like that.

[00:46:56] Or maybe you took a terrible L.

[00:46:59] Who knows?

[00:47:00] But what is your most interesting career story that you want to share with the audience today?

[00:47:06] I could share two things because they're really quick stories.

[00:47:11] My most interesting, or at least one of them, was at my current role, I go secure.

[00:47:17] The first pen test I did on my own, I found RCE, which is remote code execution on an endpoint, a Wi-Fi endpoint.

[00:47:27] They had a rogue router that they had forgot they owned and it was not updated.

[00:47:32] So I got access to the environment, but it was very limited.

[00:47:36] But I was very happy in a sense because you don't usually find RCE on pen tests.

[00:47:43] So RCE is, how can I explain this?

[00:47:46] You're basically getting access to the entire environment that that component has access to.

[00:47:52] So I had access to the internal stuff, which I'm not supposed to.

[00:47:56] And this was from an external pen test point of view, which means I had no access initially.

[00:48:02] They didn't give me anything except a list of assets that they owned.

[00:48:06] So that was pretty cool.

[00:48:08] You know, people thought I was like this amazing hacker, but I'm just average.

[00:48:14] And an L, I would say right now is I'm working with a specific client and my report, I'm supposed to submit my report on Friday.

[00:48:25] And right now it is empty.

[00:48:26] It's been a week.

[00:48:30] I have not found anything.

[00:48:32] So I guess it's good for them because they're secure.

[00:48:34] But on my end, my ego is kind of bruised because I can't find anything.

[00:48:39] I have two days left testing and I have nothing to show for it.

[00:48:44] That's crazy.

[00:48:47] It's mad that this is happening live.

[00:48:50] Like you heard it here first.

[00:48:52] Whenever this podcast comes out, we hope that this is resolved.

[00:48:57] It's happening live in real time.

[00:48:58] Crazy.

[00:49:01] No, I really appreciate the story study.

[00:49:04] So to end off the podcast, I wanted to ask about, you know, all your platforms and the things that you're working on and you have where people can reach you and things you want to shout out.

[00:49:18] Well, I have a YouTube channel.

[00:49:20] It's at T-A-D-I-I if you type that, if you put the at or you can just search Tati.

[00:49:26] You probably find me on YouTube.

[00:49:29] I have a newsletter.

[00:49:31] Still trying to figure out the direction I want to go.

[00:49:33] I want to make it more case study based, more technical.

[00:49:36] It's navigatingsecurity.net for those that just want to keep up with what I'm doing, what I'm researching, what I'm working on and hopefully find some direction from there.

[00:49:45] You can go subscribe.

[00:49:47] But I've also started working with CyberWalks Academy, just building out the community.

[00:49:52] We're trying to have more people involved in offensive security generally.

[00:49:56] So working with them.

[00:49:59] Hopefully that works out.

[00:50:01] We build a community, help other people, meet people, help other people, learn what we already know.

[00:50:08] And just the general gist of things is to help.

[00:50:11] I've seen how getting a career in security or in tech in general can change the trajectory of someone's life.

[00:50:18] You know, you might be the only one that makes that sort of money in your family and now you can support them in ETC.

[00:50:22] So just helping out wherever I can is the gist of things.

[00:50:27] But those are the places you find me.

[00:50:29] My name is Tati Kadango on LinkedIn.

[00:50:30] If you want to connect, you can chat it up.

[00:50:34] But yeah, that's probably it, man.

[00:50:36] Appreciate you for having me.

[00:50:38] Subscribe people to the podcast if you haven't already.

[00:50:40] Of course.

[00:50:41] Of course.

[00:50:42] Everything you mentioned will be linked in the description of this video.

[00:50:45] So if you're looking for it, it will be down below.

[00:50:48] Thanks so much for watching, guys.

[00:50:49] This is season two.

[00:50:50] And we'll be back with so many more episodes.

[00:50:53] Peace.

[00:50:53] Cheers.