How John Hammond Turns Community, Curiosity, And Consistency Into Cyber Mastery

Show Notes

The most reliable way to learn cybersecurity is to touch the tools, break things safely, and build them back with intent. That’s the heartbeat of our conversation with John Hammond, where we unpack how hands-on labs, community feedback, and a healthy mindset can speed up your growth and make it last.

We start with the spirit of DEF CON: presenters acting like instructors, guiding real exercises where attendees build muscle memory instead of passive notes. John explains how that approach inspired Just Hacking Training—an accessible, collaborative platform with expert-led curriculum, live ranges, quizzes, and walkthroughs you can actually use on the job. We talk about why practical, application-first learning is the quickest path for newcomers who don’t have enterprise tools at home and need portfolio-ready proof of skill.

From there, we explore the tension between chasing headlines and building evergreen skills. John’s framework is simple: anchor your time in fundamentals that compound—networking, scripting, Linux, detection engineering, exploit analysis—and use the latest vulnerabilities as sparks for practice. You’ll avoid the burnout of the news cycle while keeping your curiosity alive. We dive into “learning in public” as a force multiplier: sharing notes, repos, and writeups creates a feedback loop, accelerates improvement, and leaves visible evidence of progress for hiring managers and mentors.

Imposter syndrome and overwhelm come for everyone. John offers grounded ways to cope: compare yourself only to yesterday’s you, turn doubt into small daily reps, and step off the treadmill when you need recovery. Pair that with community—Discords, conferences, local meetups—and you’ll find both accountability and energy. For anyone starting today, the blueprint is clear: keep it fun, share your work, and show up where people learn together.

If this resonates, follow John on YouTube, LinkedIn, and X, and explore Just Hacking Training for name-your-price labs and courses. Enjoy the episode, then subscribe, leave a review, and tell a friend who’s trying to break into cybersecurity—what’s the one skill you’re doubling down on next?

Socials

• Join our Chipmunk community Discord server: https://discord.gg/9yfWP6evYQ
• Follow us on Twitter: https://twitter.com/SecChipmunk
• You can find us online at: https://securitychipmunks.com

Chapters

• 0:06: Welcome And Guest Intro
• 0:26: DEF CON’s Hands-On Value
• 2:05: Launching Just Hacking Training
• 4:40: Evergreen Skills vs News Cycles
• 6:22: Naming, Easter Eggs, And Identity
• 6:49: Most Rewarding Moments Teaching
• 7:49: From Coast Guard To Cyber Instructor
• 10:00: Learning In Public And Feedback Loops
• 12:02: Navigating Imposter Syndrome
• 14:58: Overwhelm And The Treadmill Metaphor
• 18:14: Advice For Starting In Cybersecurity
• 20:42: Three-Part Message For Newcomers
• 22:06: Where To Find John And JHT
• 22:31: Closing Thanks

Transcript

Intro: 0:00

From a cooperative project for acquiring skills in the child to learn.

Edna Jonsson: 0:06

Welcome to the Security Chipmunks Podcast, where we keep chipping away at it. I'm here with my co-host, Jerry Bell, and our guest John Hammond. Welcome, John. We're glad to have you.

John Hammond: 0:20

Hi, everyone. Thanks so much for letting me join you here. This is awesome. Welcome.

Edna Jonsson: 0:24

Yeah. Wonderful to have you. So we met at DEF CON, the detection engineering and threat hunting conference. Do you remember that?

John Hammond: 0:33

I do.

Edna Jonsson: 0:35

Yeah. So I was very lucky to have you help out and give away one of our tickets to the Orlando DEF CON site. So what got you interested in DEF CON and what did you think about it?

John Hammond: 0:51

Ooh, well, uh DEF CON, I know, at least from what I've seen, and I it was kind of a little bit before I finally get a chance to go make it, uh, go be there and attend. But I love the fact that it's hey, all hands-on, it's all workshop-based, it's all sessions that are really genuinely, hey, just kind of the presenter, uh, acting really like an instructor to walk through a whole exercise, to go through a demo and to make it even something that's interactive so that other people and all the attendees can join in. Uh, that's just one of the coolest things because look, that that's where the real learning comes. That's where the value and the education comes in. Um, and Randy, I know one of the organizers, he'd asked, Hey, Jeron, do you mind helping spread the word? So yeah, we did that sweet giveaway, let some folks join in with the ticket. Uh, and I'm super glad that it is getting some folks to be able to be part of the party.

Edna Jonsson: 1:41

Yeah, that was wonderful. And absolutely, like you mentioned, the workshops there, they are actual stuff that we're doing in the field. So it's really valuable to people who are trying to break into cybersecurity to get that hands-on um practice with tools that usually you don't see unless you're working in an enterprise environment. So, yeah. So, speaking of training, um, Jerry had a couple of questions. Yes.

Jerry Bell: 2:10

So, you created uh this just hacking training. So, can you tell us a little bit about that? What what uh what was the impetus for creating that?

John Hammond: 2:19

Totally. And and thank you for asking. Uh, that is a a labor of love, another sweet new fun passion project. Uh, because well, for a long while, it's no secret, hey, I've had this YouTube channel where it's kind of just been me talking and walking on the computer screen, showcasing stuff and trying to get more cybersecurity education out the door. Um, and you know, over the years, it's been like a decade and a half, there have been a handful of folks that have kind of raised their hand and asked, like, hey, John, when are you making a course? Uh, when are you putting courses together? Are you ever gonna do courses? Hey, do you have a course that I could go through? And, you know, the usual kind of schoolhouse curriculum training and learning and stuff. And I gotta be honest, a YouTuber is not the best at making a full-blown course, right? Because I'm I'm pretty used to all that formula of okay, something that's in a tight 30-minute video, 20-minute video, 10 minutes or less kind of thing. But having a whole uh like trajectory of one material, one lesson, one point A to B to learn something more, uh is tough. It's it's it's tough to craft out. Uh, but I had this realization when I was getting to hang out with more and more friends, more and more incredible people in the industry. Like, look, there are so many other genius, incredible people that are doing fantastic and incredible stuff. Uh, so I wondered, look, could we try to kind of bring all these bright minds together? Uh, would they be willing to help craft and create and build out some of the curriculum and make for that hands-on, interactive, practical, and application-based learning with oh, yeah, of course, the lessons, the curriculum, videos, the walkthroughs, the exercises, the quizzes, and a full-blown like VM range, like virtual machine and lab to be able to poke and play. Um, so we kind of kick-started the idea. We were playing around with it. I think it got some real wind and really launched over in October of 2024 now. Um, but it's just been so cool. It's been, I hope, a really sweet opportunity and just a really great mission and adventure for me now is hey, trying to spread more education, trying to help at this scale in a whole new way where it's not just me anymore, it's all the awesome and incredible people in the industry. Uh, so I'm really, I'm really happy to see where it's going. It's just a lot of fun.

Jerry Bell: 4:36

So, so this is uh obviously a really fast-moving industry. How do you decide what you're going to focus your content on?

John Hammond: 4:44

Ooh. Well, I a little bit of back and forth in my mind, truth be told. Because like it's one thing, yeah, I'd love to go chase the latest hot ambulance, you know, chase the new hotness, see what's happened in the news, current events. And I do try to sprinkle those in here and there, but I know those are really super ephemeral. Like that, that's totally temporary if it's just the news of the week or the weekend, right? Uh, so I still try to keep stockpiling and really bringing out just more uh not to say foundations, but stuff that is kind of evergreen content and education. Like they're still learning however many years you watch it. It's not living and dying in the breath of the news cycle. So I don't know. I try to balance both, but uh really it uh to be totally honest, it just boils down to what am I interested in? What do I want to showcase? What do I want to play? I have a little strategic advantage where the channel is just kind of my name. It's John Hammond. So whatever John wants to talk about, John will talk about.

Edna Jonsson: 5:48

So I just noticed that just hacking training also could be John Hammond training. Did you know that?

John Hammond: 5:58

So the JH part of the JHT is a little uh little play. Uh because I did want to, you know, make sure I'm still in the picture someway, somehow.

Edna Jonsson: 6:10

Yeah, that's neat. I like that. It's a little Easter egg.

John Hammond: 6:14

It is especially cutesy if you really think the same like number of letters in the words John and just hacking and Hammond, but whatever. And you know, hey, you cares. Yeah.

Jerry Bell: 6:24

You you put a lot of thought into that. Uh it's clever, right?

Edna Jonsson: 6:28

Yeah.

Jerry Bell: 6:29

So what has been your favorite uh memory or moment in in your just hacking experience here?

John Hammond: 6:37

Oh goodness, that's a super good question.

Jerry Bell: 6:42

Uh I all credit to Edna, by the way.

John Hammond: 6:46

I'm trying to think, what's the what sticks and stands out? I'm going to events and conferences and kind of being with people in person, you know, in the real world, not just kind of sitting behind the computer screen, um, getting a chance to be with folks that are willing and want to come up and say hi, shake hands, chat, tell me, like, hey, they've been learning all a lot of sweet stuff, and they got into this job or they they got in the industry because of the stuff that I've been doing. Um, it's very surreal. It's it's extremely fulfilling. Because, you know, from my perspective, I'm just like sitting alone in my room yelling at my computer with the camera on. Um, but I'm just so grateful that that has caught some wind and uh got a little bit of momentum, and it really helps, I hope, bring some value for people. Uh so I don't know if that's really a favorite moment, but that is certainly like one of the favorite feelings of wow, cool. I hope I move the needle somehow somehow.

Edna Jonsson: 7:42

Yeah. So I was curious, I know that you come from a training background. Um, has that helped you in your career? And also, um, does that help you with like public speaking and things like that?

John Hammond: 7:57

Totally. Yeah. Um, so super quick crash course, if that's okay. Uh I I feel like I got a lot of my beginnings, learnings, fundamentals to kind of get into all this stuff. Um, when I attended the US Coast Guard Academy, that was for my undergrad, for college, for school, and that's one of the military institutions over in the United States, right? So think of Annapolis, like Naval Academy, uh, West Point, the Military Academy, blah, blah, blah. Uh, and that, you know, instills a little bit more of the militant, you know, regimented kind of oh uh cambroadery and stubborn grit and determination. Uh, but it also really tells you how to talk, uh, especially to some of the oh high flying officers, gold and brass, and VIP people that would come and join the party to see what we're up to. Uh so I had to talk and present to them what oh, our cyber team little extracurricular club was all up to. Um, and then once and after the Coast Guard Academy, uh I was training and building out their cyber team and trying to make sure the rest of us cadets were smart and learn a lot of this stuff. I bounced over to the Department of Defense Cyber Training Academy to teach, like to literally really be an instructor, standing up in the podium, riding a unicycle, trying to juggle, keep people awake for eight hours. Um and that I gotta admit, yeah, I really feel like feeds and helps in you know both directions, getting better, improving, and having the capability to present and to talk and to yeah, hopefully make sure something is still fun and exciting for people while I'm rambling and yapping.

Edna Jonsson: 9:33

Oh, that is wonderful. I'm I'm glad that you had that experience, and that's such a cool like sometimes people don't think about how you come from different backgrounds, and that really helps you when you get into cybersecurity. Um this also ties into another question that I have. So you have talked about uh learning in public. Um, so why is that a powerful strategy for cybersecurity students and how can they start doing that?

John Hammond: 10:02

Oh, awesome question. Uh look, I know I maybe it's silly with my YouTube channel and all, but I don't mean to keep falling onto that as a crutch. But I I know that look, I don't know everything, and I'm still here to learn kind of alongside everyone else. So a lot of that learning in public and oh, trying to build, trying to play, trying to hack, go through some of these vulnerabilities and exploits and stuff. Like all of that is so that hey, I can share it with other people, uh, share what I'm learning and share, hopefully, and get to hear what they're learning. Because even in the comments, if it's a blog, if it's a write-up, if it's something that you post on Twitter or LinkedIn, whatever, uh, when folks can let you know, hey, actually, you know, you could have done this faster uh with this technique or with if you use this trick, or oh, have you heard of this tool? You should check out you should check out this program, this application. This could speed you up. Um, and that was just a really cool feedback loop. Um, I was doing YouTube for you know, way back when, even before uh that college Coast Guard Academy undergrad timeline. And even then it was just, hey, I'm having fun. I'm enjoying this stuff. And even stockpiling and collecting these online videos or write-ups or blogs or however anyone else might tackle it, uh, that felt like momentum. Because hey, it now I have a proof, now I have a demonstrated and uh tangible, so to speak, something to capture that work that I've done, and other people can learn from it and uh they can help teach me. So it was just always awesome, uh, a really, really cool sort of cycle to just keep improving with the community. And I would totally recommend that to anyone if they're up for it. And it doesn't have to be talking to a camera and making videos, it can just be your notes, honestly. If it could just be anything that you're already putting together, but why not share it and make it public so that we all can learn?

Jerry Bell: 11:58

Nice, very nice. So you've you've in the past mentioned imposter syndrome. So what what advice would you give to new learners who are feeling bad imposter syndrome? And by the way, you know, I've been in this industry for uh probably longer than y'all have been alive, and I have this imposter syndrome pretty pretty bad. So uh I'd I'd love to hear your thoughts on that.

John Hammond: 12:26

Well, I mean, the thing is it it it strikes everyone. Uh it hits everyone, no one is immune. I have imposter syndrome and burnout and the mental fatigue and all the things that you know really do bog us down, and no one's an exception. Um I whenever I can, I've tried to treat that or harness it to kind of act as a little bit of fuel. Like, hey, can that be the motivation? Like, oh, I want to get better because uh I need to make this ideal or I want to reach this goal or hit this accomplishment, achievement, a milestone. Um, and if I'm comparing myself to other people, I realize I know a lot of that honestly just kind of comes from doom scrolling on social media because I see everyone else sharing their wins, highlighting all the best stuff that they're up to, the new certification they got, the new job that they were doing. Like it's really, really easy to then just compare yourself to them and beat yourself up for it. But honestly, I think the best you can do is compare yourself to yourself. Like, did you learn something new today? Are you better than you were yesterday? If it's 10% better, if it's 1% better. Look, if you are staying with it. If you're keeping up with the pulse and the heartbeat, then that's the best way you can at least keep fighting up against imposter syndrome. But it you're gonna hit the wall. I have, we all do. Uh, it's just something else we wrestle with. Thank you for that.

Edna Jonsson: 13:58

Yeah, I've felt imposter syndrome a lot.

John Hammond: 14:01

Yeah, no, me too.

Edna Jonsson: 14:03

Yeah, earlier this year when I uh competed and won that black badge at Wild West Hacking Fests. Oh, yeah. I was competing against some really talented people. And it made me feel so wild that like I had won this and I felt like I had to return the badge or something for a bit. Like it's like, oh no, I don't deserve this. But yeah, it's uh those are the best things, though.

John Hammond: 14:28

Those are when you do celebrate some sweet success, an actual awesome accomplishment. Uh, and so being there with teammates, being in there in person, like that is something to be super proud of.

Edna Jonsson: 14:38

Yeah. It it was wonderful, and I'm glad I did it. Yeah. Imposter syndrome is just like it will creep up on you when you when you don't want it. You don't choose to have it for sure. Um, but when you're doing a lot of things, you can sometimes feel overwhelmed. And I attended a talk that you did uh as the keynote at B Sides Tampa, where you talked about all of the pressures that people feel when they're getting started in cybersecurity and people are telling them you need to do this and that. Can you talk about that a bit and share your thoughts on all of the pressures that we feel as we're trying to break into this field? And it feels overwhelming?

John Hammond: 15:25

I can try, because uh yeah, I know that's still a struggle point uh for me too. Um so yeah, way back when uh for Besides Tampa this year, 2025, uh it was a real honor, an incredible opportunity to be their closing keynote. Uh, and I brought this talk titled Another Round on the treadmill, uh, which was the you know fluffy, oh ha ha thought leadership kind of waxing poetic kind of idea, just to because that that's a keynote, that's just what it has to be. Um but it was playing with that notion that hey, uh there's so much for us to do in cybersecurity and so much for us to learn, and so much that it's too much for us to do and keep up with. Um, and it is really feeling like it's some cycle, it's some cyclic thing that we just gotta chase the next new vulnerability, the next do and alert, the next through threat act, or the next audit, the next whatever, and go after that next cert, blah, blah, blah, blah, blah. All the studying that we do. It is super duper overwhelming. And I feel it all the time. And I I hope that look, if we at least even talk about that, like if we acknowledge that, if we if we shine a spotlight on that, uh, we don't ignore it because I think we all just know we we all understand that. But I was trying to get this message across. We're like, okay, you don't need to boil the ocean, you don't need to consume absolutely everything. I know people tell you to be a sponge, but like, look, you can only hold so much, uh, all that water, all that information, everything you're trying to do. Um so the whole another round of the treadmill premise was like, look, you're doing awesome stuff. You're on it, you're working, you're running on the treadmill. And if you need a break, that's totally okay. Uh, because if anything, you're gonna feel better. You're gonna you're gonna have some time for your your your muscles to build up, for you to get that cardio back in action, whatever analogy we'd like here. But literally, genuinely take a break. Like let yourself catch up, catch your breath, relax, and enjoy. Because you are doing this because you love it. There is a passion there, that's why we're all in this. Um, but then get back on the treadmill. Just another round on the treadmill.

Edna Jonsson: 17:51

Yeah.

Jerry Bell: 17:53

Good advice. Good advice. Um, so if if you were if you were to start over again, and I I I find myself uh asking this question of myself quite quite a lot because I'm uh entering my third career, I think.

John Hammond: 18:09

Excellent. Congrats.

Jerry Bell: 18:10

How how would you approach getting into cybersecurity now? And and in in particular, I think the the listeners of this show are are you know often kind of coming in coming freshly into the industry. So what advice would you give your younger self if if you were coming into the industry industry right now?

John Hammond: 18:29

Oh uh I guess uh maybe this sounds uh boring or bland or stupid or trite, I don't know, but I I think the best advice, uh I don't want to sound like a broken record or anything, is really just have fun. Uh keep doing the stuff that you find fun and enjoyable and that you want to keep doing. Um for me in the early, early days and the beginnings, it was like capture the flag. It was oh, the gamified learning experience to be able to play in cybersecurity and learn all these new things. Um, but that was something that I was just having a ton of fun with, and I wanted to play the next CTF, and I wanted to read the write-ups, and I wanted to build these tools, and I wanted to figure this stuff out. Uh but I think eventually, and I think it was something we all kind of keep in the back of our minds, is that life is gonna catch up with you. Uh, you're gonna be doing work, you're gonna be, I don't know, kind of working in the job, you're gonna have some time with family, you're gonna need to have some home life here and there. Um, and eventually you're gonna get to a point where maybe sometimes you can't quite always get to the cybersecurity stuff that it was a passion or you had fun with, or it's just less fun because sometimes it feels like work. Uh and I know that's that that sucks. Like that that's a tough pill to swallow. So I think the best you can do, especially in the early days, stockpile and grow and run as fast as you can and enjoy everything that you're up to. But do it because you're having so much fun. You want to keep doing it. So you can fend off whatever days might come way, way down the line where you don't want to do it. But you've put so much time in, you've you've been able to be a part of this, and you've been loving it for so long that the longer you can keep doing it because you love it, because you enjoy it, that is the best saving grace that you can. Uh, and I hope, I think that's the best way to go about it. Keep it fun.

Edna Jonsson: 20:33

Wonderful. Um, so what is one message that you would want newcomers to hear from you directly?

John Hammond: 20:42

Ooh. Look, um, I guess it kind of boils down to yeah, you know, the same sort of trio in all reality. Uh, keep it fun. Maybe the next one is really share, document, show your work. Um, and then I think the third bullet here is look be present, be a part of this thing, be in the community, be interacting in Discord, be online with the social media, LinkedIn, just being with the community and attending events. Like go be with the community at conferences. Uh, you make so many cool references, you make so many cool networking opportunities, you meet so many incredible people, and that will open a lot of sweet doors for you. Uh, and it's fun. It that adds to all the other things of yeah, make sure you're enjoying yourself and make sure that you try to share and document what you're up to. Um, but do that with others. Uh, be that and present in the community. So cool, so much fun.

Edna Jonsson: 21:40

Wonderful. And how can people connect with you and find your training?

John Hammond: 21:46

Thank you so much. Yeah. Now, if anyone is up for it, uh, would be grateful. Please do take a look at some of the stuff I'm up to. Don't hesitate to reach out. Um, I'm out online. You can find my name, John Hammond, uh, on YouTube, on Twitter, on LinkedIn, on all of the internet places. And it's me. It's just a picture of me with my stupid dumb face and red hair. So you can probably track me down A-oka. Um, but yeah, a lot of the training venture and extra, extra efforts on that side are at just hacking.com. So I hope some folks do get to take a look. A lot of free, accessible name your price, pay what you want, pay what you can, material, and good learning and education there for you. So thank you.

Edna Jonsson: 22:26

Yeah, thank you. Thank you for being on the show. We're so glad to have you.

John Hammond: 22:32

Well, thank you all for the opportunity.

Edna Jonsson: 22:35

Absolutely.