Ep 59 – From Marketing to Offensive Security!

Show Notes

This week we talk to Lily Clark. Lily has taken an amazing journey from Sales, to Customer Success, to Marketing, and she has recently landed in Offensive Security! Hear how Lily has taken on learning tech and landing her dream job working in Offensive Security.

Useful Links:
Kali Linux – https://www.kali.org/
Parrot Linux – https://www.parrotsec.org/
Free INE Training! – http://checkout.ine.com/starter-pass

You Can find Lily on:
LinkedIn: https://www.linkedin.com/in/lilycclark/
Twitter: https://twitter.com/seclilc
Instagram: https://www.instagram.com/seclilc/

This episode has been sponsored by Meter. 

Go to meter.com/aone to book a demo now! 

Find everything AONE right here: https://linktr.ee/artofneteng

Transcript

this is the art of network engineering podcast in this podcast we'll explore tools technologies and talented people we aim to bring new information that will expand your skill sets and toolbox and share the stories of fellow network engineers introducing the art of network engineering olympics tech leads from all over the world will virtually converge for this completely fictitious undertaking events include the 6500 toss the goal is to chuck that chassis as far as you can power supplies removed of course because we're nuts but not crazy also this is a tandem event because well who really wants to lift that thing on on their own next up is the typo titan competition the winner is the one that can properly type conf t as many times as possible in two minutes without typing coffin tea can of tea or coff finally we want to highlight the ethernoodle competition in this event techleets will need to remove an ethernet cable that connects from a patch panel to a switch in the shortest amount of time possible the small caveat is that the cable is 50 feet long when it only needs to be one and is wrapped around and intertwined through the other 200 cables in the rack oh and by the way this is a wall mount rack that is eight feet off the ground be sure to tune in and cheer on your favorite tech leads in this completely fake extravaganza in the meantime check out the art of network engineering thank you tim that's great uh i'm a little late for the olympics so hopefully nobody notices i i would give that 6500 chassis toss a try yeah that sounds like i will let you can we do it off the top of the building now gotta have the full effect all right i am aj murray at no blinky blinky he is tim burtino at timber tino tim how are you doing sir i'm no longer in my bedroom i see that was last week i see that so i'm i'm playing kind of bounce around a little bit and i think i've found my home now maybe we're trying some things moving the kids around a little bit and they seem to be happy where they're all at now so i might finally get to have an office with a door and i'm excited very good very good gonna splash some a1s schwag on the wall i see you already uh started that very nice yep i like it i got it i got to get some of those fancy light jaws you guys got going on there yeah you got to get the same ones and then we'll all look like we're in the same studio exactly all right uh dan at howdy packet dan how you doing hey aj i'm doing great what's new in dan's world uh i racked some f5s yesterday so that's new uh gonna do some migrating to newer updated hardware so excellent that's what i got coming down the pipeline new hardware is always fun yeah good stuff oh and i get to mess with uh some aws i think it's called eks which is like their their version of kubernetes so some containers sure so yeah that i get to learn some of that i i have no clue what i'm doing with that so this will be a complete learning process well we'll have to hear about your uh your kubernetes learning journey yeah yeah i'm excited that sounds like fun how about you aj how you doing uh wrapping up the kitchen renovation still on vacation um so yeah yeah things are going real well just minor details now uh we're basically moved back into the kitchen and it is now a functional space in our home once again which is nice but yeah things are things are going well good so let me ask you this have you gone to the uh to like home depot or lowe's whatever you got up there have you gone at least six times uh probably per day yeah per day okay that's good and then have you bled yet oh yes yes okay so it's a true project thing oh yeah yeah blood has been shed dollar spent yeah yep some tears shit as well yeah yeah every day this week the first thing my wife and i do is just hop in the truck and head to home depot or lowe's yeah get what we need for the day because we didn't think about that the day before when we were there god knows what so while i'm really excited for you and your new kitchen you really need to learn how to take a vacation because i don't think that's it i've stayed off of uh work stuff this week i'm pretty proud of that it's i've really disconnected from work which has been nice time off work is time off work that's right that is that's a that's a valid point yeah that's been fun excellent well uh let's jump into some wins who's got the goat for me this week standby i i got one i got one that's okay he's got it well i already jumped and got it all right well ah there we go there we go uh andy's gonna let us have it for that one yeah andy's on vacation this week that's why andy's not here hopefully he's enjoying some much earned and deserved time off so there's some winning for andy um this week in the winning channel we've got gibson they passed their n plus exam congratulations gibson good job great job uh here's a mouthful ill will pass their en wlsd that is the the designing cisco enterprise wireless networks exam so congratulations ill will oh he's one of those people one of those wireless people uh mick cutie mccutty past the jncia juno so would you call me yeah that's gonna stick yep yep uh dan is now my mccutie what did he pass was it juno uh juniper yeah the jnci junos congrats nice good job uh matt d passed the nrc exam and that completes the ccnp for them so congratulations matt nice work matt now the nrc that's the uh the routing yeah the advanced enterprise services exam yeah okay and uh the traffic network shout out to the traffic network they passed their devnet associate exam congratulations oh congrats good job uh big personal win for kaiser clark they were promoted to the rank of staff sergeant in the air force so congratulations and thank you dude nice very nice and uh well well uh while they were on the episode last week he finally dropped it in the winning channel so we got a shout out once again to netsequezy for accepting a position at cdw as an associate consultant congratulations good job uh welcome to our latest patreon daniel thank you for your support of the art of network engineering and thank you to all of our patreons if you're interested in joining the patreon program you can go to patreon.com forward slash art of netenge and join there all right tim can i get another goat screen excellent uh very excited for our guests this week shout out to our friend carl for the recommendation uh the our former co-workers as carl has has moved on uh please welcome lily clark to the show lily thank you so much for joining us thank you so much for having me i'm excited to be here so um where did you and carl work together yeah so we work together at ine so um some of your listeners may be familiar with ine oh i'm sure training platform for all things networking cloud data science and cyber security cool cool and what what's your role there at ine so i actually started in customer support but currently um i guess my title is consumer communication specialist i work on the marketing team and i help out with the social media side of things very cool and so dish the durdoc no i'm just kidding that's awesome is he as cool in person to work with as he is in our community um you know he is honestly cooler i really liked carl i really enjoyed working with him he's just a genuinely good guy and we all missed him when he left i can only dream to work with carl in person one day oh he's a powerhouse he's he's mr cert himself i swear every every week we're looking carl got another certification yep yeah well enough i'm not working with him i don't know about working with him i think i'd rather have a beer with him right well yeah that or both at the same time yeah hey hey that's some next level stuff there mr richards hey all right well enough about carl this isn't carl's episode we already had an episode yeah this is lily's episode so uh lily um what what brings you here uh yeah so you do marketing and tech at ine currently uh what else do you have going on yeah so um i actually started my tech journey when i started at ine in customer support i really hadn't i'd never touched a command line before then i really didn't know what an ip address was i didn't really know anything um but i happened to be at this great company that had training that started at that beginner level so i took advantage and um actually um by the time this comes out the announcement will have been made i just accepted um a position as an offensive security consultant oh very congratulations yeah congrats on that thank you yeah i'm really excited okay i was gonna say are you excited are you pumped for that like i yeah i'm super pumped so y'all know before my company my current company knows but you know it's fine that's why we're not live so so i want to take it a little ways back is your is your background in marketing no it's not actually my degree was in exercise science okay um so completely different um i i came out of college i didn't know what i wanted to do and um i got a degree in what some people would say um bartending and sales because i mean there's what else am i gonna do with that you know be a personal trainer i didn't want to do that so i actually was a bartender for a little bit and then i moved to raleigh and i um got a job at citrix and sales so okay that's actually where my career started so i had a sales background and hated that how did you how did you come to find that how did you get into that yeah yeah right like why citrix specifically honestly when i moved up to raleigh um all of my friends were in tech sales and i knew how much money they were making and i also look i was hanging out with these people they were not the brightest and i was like i can do that like oh i don't need a degree in this yeah i'll let me go try that so i just applied um to tech sales positions and i got my first one at citrix nice gotcha and then so so let's put some timestamps on this when like how many years ago was it that you graduated college um five so i graduated 2016. okay so so out of college in 2016 that's when you got your tech sale in citrix right well i was bartending for a little bit i was middle of nowhere alabama i was living with my mama um what part of alabama i'm pretty familiar with the northern part of alabama oh yeah i went to auburn so we're equal i have to shout it out anytime i can i grew up lower alabama la as some people would call it um but when i say i was bartending middle of nowhere alabama i was it was just this lake um about 30 minutes from auburn um in salem alabama you've not heard of that no one has heard of it so um i just did that and saved up money until i could spread my wings and fly so um i i moved december 2016 and then um i was working in restaurants up here until i found my position in may of 2017 okay so 2017 is when you started it at citrix in yes okay so how long were you there for i was there for five months and then i got laid off they had a nice huge corporate restructuring um and let me tell you i was so happy about it i hated pills i was cold calling making 150 dials a day and just being screamed at i was so happy to leave y'all nice um so you know after that i believe in december i got a job at invisalign as an account manager um more sales stuff i didn't learn my lesson i knew i hated it and then um i i quit that okay now how long were you there for about five six months i was not there too long i i really should have learned my lesson um and then i kind of laid low for a while i was like i don't like sales i don't know what else i'm gonna do i kind of took odd jobs i worked as a receptionist at a hair salon which is what not anything i thought i would do but i paid some bills for a little bit of time and then i was a server a beer garden and you know just paying bills and then i realized i really wanted health care so that's when i started applying for jobs again in the corporate world and that's when um i found ine and i started in customer support because i actually applied in sales and my recruiter said you know lily it doesn't sound like you actually want to do sales and i was like you know what i don't i don't want to do sales is there anything else there um and they actually worked with me nice so that was kind of a weird change of pace but um yeah that's when i started at ine it was october 2019. okay all right all right so what does customer support look like at ine what's the day-to-day right so it had changed over time because um i'm ine had acquired elearn security which was a lot of their cyber security offerings and um i was actually client success for elearn security so i was a one-woman team so i did all b2b um onboarding i did b2c when i say b2b like the business onboarding i did um individual tickets customer support it was a lot of answering emails uh knowing the answer to things um all and i also um since it was a small team i did all the billing so refunds and oh wow oh it was a lot of fun um but then you know i e and elearn security merged and um you know their client success team was a little bit more built out so i kind of was just doing the customer support side of things answering calls and uh emails all day and you know it wasn't my favorite pace but you know during this whole time i was actually studying in my free time um you know nights and weekends a lot of my time was just going through our material you know in our a lot of my questions i would get were you know how do i connect to our labs um you know in this in this lab it says to do this um you know how how do i do that you know and um it was a lot of learning that for myself i i could um and i did pass off a lot of inquiries to instructors but they're so busy and there's some that i i just saw so many times that i learned it for myself so i could just help people more directly and also you know i was looking at our courses and you know potential salaries for security and i was like i'm in customer support right now i don't know looks like an opportunity so um that was a driving factor at first because it was very very difficult for a long time understanding anything yeah so just to kind of recap this you you were doing customer support customer success for ine you were getting bombarded with all these questions some of them were you know basic like how do i access the services that i need provides and some of them sounded like tech support questions like i want to connect to the lab and i can't figure out what to do in the lab and and so this for you just kind of like uh scratched your curiosity for technology and this is where that kind of grew yeah pretty much uh you know it was a lot of different things happening at once you know there was um it felt like a perfect storm like one i'm a firm believer in lifelong learning right so that's why i applied at ine it was a product i could really get behind um and you know if i believe in that you know i want a product um and then also you know i'm looking at the salaries potential you know i can make and then i'm also getting those inquiries but then also our general manager at the time he really wanted us to learn this stuff and he really posed it to me or positioned it to me like everyone was taking this course and he was constantly bringing up in meetings like okay who's who's gonna get certified first who's gonna get certified first like where are my bets and i'm i'm so competitive so i was like oh i'm it's gonna be me right i'm gonna get certified first um so the one i was going for and i got was the ejpt or the elearn security junior penetration tester certification so uh that certification it is a um i guess it's technically multiple choice question it's but it's not you know you are given um an ovpn file and you know you have an open lab environment and a fictional company to pin test and basically and you're given like a p cap and so you know they tell you go forth and then you have to answer the questions based off of what you find okay all right so i i had to do a little hands-on to get my certification so i was really proud of that wow that's really cool that i mean that's that's a big step honestly like going from you know customer success to evaluating caps like that's that's growth that's a that's a major jump right there yeah yeah it's a learning curve i love the excitement it's like i don't know how long ago you you got the certification but the fact that you're just you're so excited about it just shows your passion and everything and i want to highlight as well that we've brought up when we've had others on uh that there is no one path to get to where you want to go if you don't get into tech right away you don't have to just throw it away and try something else right i mean the the different steps you took and where you got to where you are and where you're going that's incredible to me i can't even fathom that it's been a fun journey no it's hard for me to even look back and make sense of it because i mean it just feels like just so much growth has happened and you know obviously like i am i'm beginner you know i am going in entry level like i understand you know i'm a skid as they would say um but i i'm just so eager to like absorb it all like i'm really excited to start my job and just like drink from the fire hose yeah so so you said you got that that one cert and i say that one cert because i don't remember the the alphabet of it but uh because here on i don't know about the other guys but i'll speak for myself like i'm not super familiar with all the different security certs the pen tests you know the i think there's like an e council or eh is it ech council or something like that uh ec council they host the ceh yeah that one uh so i i say i'm familiar with that one but apparently i'm not i can't even get that one right so but uh so so when you when you listed that one off i i wasn't aware of that one but uh but that that one's you said it's a penetration uh testing one is that something that's fun to you that that hunt yeah are you kidding me okay all right okay everybody you gotta go watch the youtube and see that smile yeah one day and ask that question yeah i mean it's like i mean you're hacking into stuff right like you're an actual hacker like i had no idea before starting at ine that there was any connection between hacking and cyber security like i layman don't know that you know i've had to explain that to family members and friends like it's just not a known thing outside of the it world right yeah so the penetration testing so so walk us through that just a little bit like like what's some of that what excites you about it i guess i know you're talking about like it's like you're actually hacking into something that that kind of excites you but uh you know like what's your overall goal with that like what is a penetration test maybe because maybe some of the people that are listening don't know what a penetration test is so what what is that let's start with that right so gosh there's a lot of discourse around what is actually a penetration test and what is actually red teaming and what is actually a vulnerability assessment and all that um so i don't want to misspeak and anger the cyber security gods here just make them mad it don't matter but if i were to speak on like offensive security in general typically the um the goal is to find the vulnerabilities in a system and exploit them and then report them back to the company so that they can remediate said vulnerabilities before bad actors get to them okay and stuff like that yeah so it's it's very very similar i mean you get your scope um and you have that you try to find the vulnerabilities and report it back to the company absolutely that's just more um well i guess not only but it's a lot more web app in bug bounties yes it's not purely web app i don't want to speak there either look don't don't worry about what you know what they're saying we say stuff on here all the time that's not really 100 accurate we're trying to create it i just roll with it when you were deciding that you wanted to get into cyber security offensive security what were some of the jobs that you were hoping to get into or what were you striving to get into right so actually the the job that i just signed on for was like the goal you know i would you know i was found from one of my tweets that is so embarrassing um it it said something along the lines of like remember that time when i told my mom i wanted to be a penetration tester and she started crying and asked me to not tell my family nice found you from that tweet they're like oh so you want to be like a pen tester yes but you know maybe different wording so can you walk us through what you're going to be getting into oh gosh i don't even know yet so the company i'll be working for is called echelon risk and cyber and they are currently a startup and they do a lot of consulting services um you know red team blue team auditing vc vcso services um you know cyber security strategy in general their core beliefs are that um privacy and security are basic human rights and they carry out their mission by um you know helping their clients with their security needs so i'm gonna be entry-level kind of all hands on deck um but primarily in the offensive space gotcha now let me ask this you said red team blue team can you can you kind of describe what is red team and what is blue team uh happily i guess the the easiest way to say it is um red team is the attack and blue team is the defense so um if i i'm doing red team i'm doing more of the offensive side of things so you know you're hacking you're trying to get into places you know physical security um see if i can just walk through maybe use my charm and get through um whereas blue team is you know sitting in a sock um you know seeing threats come in and um again i i don't want to mistake it there's so much more to it but it's more the diff defending side from your perspective do you think there's a lot of crossover there do you think a lot of people that primarily do blue team work try to their hand at red team stuff as well or do people kind of specialize what do you what have you seen so i have seen time and time again people make the recommendation or they say you know the best blue teamers no red team the best red teamers no blue team um just having an understanding of the other mindset is going to make you so much better if i understand what the blue team's looking for i can evade that better if i understand um what an attacker is thinking as a defender like i can you know better protect yeah yeah protect for that exactly so so what you're saying but what i'm hearing though is when you were given the opportunity of a blue pill and a red pill you took the red pill absolutely yeah i mean me personally i think the red team sounds a little bit more exciting but i mean it's definitely a sexier side of things right like like i i don't know and i've listened um you know to different accounts of um you know female red teamers and hearing them like for social engineering and uh physical pen testing like using like um a fake baby bump and you know using pregnancy brain as an excuse for not knowing certain answers oh wow okay i use that one all the time they see my beard and they don't let me flip my face so do you do you think you're gonna uh get into the the physical on-site kind of thing as well versus just the the virtual red teaming that's a goal absolutely yeah okay so if you see her at any of your places don't let her in just there to be friends we're just hanging out just let me through just show me what you're working with if she if she's in the parking lot and she accidentally drops her purse and all these usb drives fall out don't pick them up see i i don't know if it's just my personality but i would i would always be so afraid and so conscious that i'm gonna cross that line or i'm going to do something that that is because it's red teaming you're there you're there for a reason you're there by permission of your client but depending on what happens i mean certain things are still illegal so i man that that would freak me out i would have a hard time don't worry tim they they signed that line you know so it's all good i'm excited to learn the the intricacies there and know where that line is because you know as far as i'm concerned it's not unethical by any means if you have that permission and if you have that permission like it's kind of like an act you know you're like i am paid to perform so you're an actress now the world is my theater yeah i love it nice i i've worked at companies that have done similar type engagements as part of like a pci compliance and i remember you know we we had meetings with um an offensive attacker or a defensive security specialist and the the senior cis admin at the time just basically said like look if you find something that could cripple us don't cripple us just you know report it you know we are a functioning business there are certain things that you know we kind of drew the line in the sand that like we want to be aware of these vulnerabilities uh you don't have to show us that they actually exist just you know kind of document it and we'll take care of it on the back side and you know for the most part they agreed to that um i do recall that they they did cripple one of our servers and you know i could go in the logs and i could see exactly what they were trying to do and it was just taking the service down and it was like something our engineering team used it's like stop but it was it was interesting to see that that kind of stuff and work and work with those folks yeah we we had a company that they performed a pen test on our systems you know and um one of their questions was like hey are you are you guys okay if we do a physical you know we come in and try to actually get in your building get to areas that we're not supposed to and we said yeah and then their next question was do you guys have armed guards yeah we do it was like okay never mind we're not doing that so that's terrifying it sounds like an incredible opportunity i'm just so excited i just think of like you know james bond or you know something like that like it's you know a spy or something you get to go into this place and try to you know just get into their environment get in where you're not supposed to be that kind of thing it just that sounds fun actually well you got to have multiple skill sets you got to have the technical skill sets and then the people engineering as well so it's it's the total package yeah and i feel like a lot of people in our field aren't really people people so i am them i am well that's where i'm hoping you know my like sales background will kick in and you know all my sales training of you know get that social contract ask for help um you were gonna you're gonna be scary out there oh yeah i'm calling it right now yeah well i think i've got a very innocent looking face i'm very unsuspecting um i think it will it'll be fun that you know aj i think aj has a pretty innocent looking face too i think i'd let him in my data center no no yeah we used to do stuff like that so i used to work at a company and we we would try to elicit our users to screw up and and use that as like an educational moment we did annual security training just you know best practices don't leave your passwords on post-it notes around your desk and we would always look for stuff like that as we were like helping people and we pointed out to them like hey there's your password to the erp system i don't think you should have that there uh and a couple times a year we would always drop usb sticks like around the parking lot or leave them in the cafeteria and we we set them up so that way if somebody plugged it in and then tried to click on something it would notify us like right away and it only happened one time and it was the president of the company nice yep that reaction it was great it was great and we put stuff in there that like really tried to elicit people to click on it like layoff list and budget cuts and yeah so actually this is you're bringing up a good point here so i've noticed in my like it where i work when we do like security training and that kind of thing uh or at least when we do tests right like so we do some kind of phishing test or you know whatever you want to whatever you want to test right well it lets people know or unless the security team know at least you know who failed and and those people have to take security training for that and when we first started that it people got really butt hurt about it like major because because it was calling them out you know like like hey we noticed you tried to put your you know domain account in like 30 times on this link like what are you doing and uh so there was some kickback on that like when when we started doing some of those testing um so lily it you're you're gonna be a consultant all right does that include you teaching like doing some training or anything like that i don't know it might um you know if it comes down to you know doing some training security awareness i'd be more than happy to i think i can speak to people as a real person as like you know a non-technical person non-racial um right well i mean there's there's that you know calling out the people who did bad but there's also the rewarding the people that did well so um i find that personally i find that i respond very well to praise as opposed to um you know scolding or whatever so i don't know i wonder if i wonder if there are studies on that for security training probably not but would be would be interesting yeah so what kind of team are you going into is it is it a good size or just a few people it's just a few people i'm i'm pretty excited about it it's definitely going to be the smallest company i've ever worked for um it's startup for sure it's been around for i believe like five months now oh wow wow and if i recall correctly i'd be employee number nine oh so yeah no i'm so excited yeah we don't have that with you forever yeah i i i'm i love like building a team i get very like attached to my companies i know you're not supposed to but i like i just do um you know if you've seen me anywhere on socials like i am like a brand champion for ine and i know i'll i'll do the same for the next it's how i was i worked at invisalign for a little bit i like that there i just i go all in so um i'm really excited to you know help start this up and just get it out there yeah that's awesome so are you guys going to be like like where will you be servicing at like in in north carolina or um headquarters is in pittsburgh i will be remote my manager actually happens to live in raleigh as well so that's just a coincidence oh wow um i know how cool right because you know they've got offices in like pittsburgh and austin but you know we're like okay well we're in raleigh so cool um you know once covet dies down travel will likely be involved so it's not just one area it'll it'll be a national ordeal gotcha well that'd be good so you've gotten your start you've gotten in the door now what are you like what are some of the technology related things that you think you're going to focus on first learning and gaining more knowledge of i i gotta learn you know a language i gotta learn a language um so i've gotten by so far just knowing tools um and you know i reading a little bit of scripting here and there and using other people's stuff but i i really i gotta start some development side of things so i've actually spent some time recently learning some uh c plus basics um so kind of diving head first into that but also just like all these other tools in general like i haven't even scratched the surface of you know different capabilities and what's out there so honestly i'm just gonna be devouring anything yeah so so you're saying these tools like what are some of the tools that you use right so um you know your classics like uh like a burp suite okay um or obviously wireshark just understanding wireshark um deeper um like speaking to a network audience i gotta name some of those um just exploitation tools in general like metasploit and i was about to say is mets ploy it's still a thing okay oh yeah it's it's definitely still a thing so now now is that i'm trying to remember i used to play around with kali linux back in the day and i think it was a part of that suite though wouldn't it mitzvot yeah um i'm pretty sure it's already installed on kali linux i mean everything's installed on kali linux and parrot yeah yeah now i've heard parrot is better than kali linux is that true do you know i guess i mean i like the colors better but okay i mean that's fair they were both deviant-based like pen testing os's like okay tomato tree that's right i i typically just you know if i'm just gonna download one real quick it's probably gonna be cali um just because i feel like i've downloaded it like a billion times at this point yeah um but i like parrot as well i don't really have a preference i guess i do didn't offensive security has done a great job with that so so yeah so so let's talk about that just a little bit further so like parrot and kali linux what what are those those what do those tools do i guess they're kind of like a suite right but right inside of that oh gosh all kinds of stuff i mean i haven't even touched like half of the tools that come pre-installed on those operating systems um they are built for pen testers so you know they have everything from like network security web app security wireless um you know information gathering post exploitation um i don't know uh social engineering they have the social engineering toolkit on there um really wow yeah it it's pretty robust like honestly just sometimes for fun like i'll just go on i'll just like click on a tool and just kind of play around with it let my curiosity take over right and are those tools still free yeah oh yeah cool i mean there's definitely some that you know will cost money but i feel like they work more on like a freemium model sure sure okay well we'll throw some links to those in our show notes so if anybody listening wants to check them out you can check out our show notes and get the download links for for both of those yeah and go have a chat with robin canela in the discord he would love to talk all day with you about it so i do want to understand what was uh pounding on cali in the labs and stuff like that that seems to be a common theme in our discord community yeah yeah yeah so what was the interview process like for this position oh yeah there you go um did you have to pack into a box there no if you can hack into this you'll get a job offer no i i'll be entry level so you know they know i'm more green technically um so my first interview actually was um in vegas at defcon really yeah um i i went to defcon i'm completely telling on myself right now i went to defcon and i was representing ine uh we had a booth there and um you know after my my duties were done i um i had scheduled an interview with my soon-to-be manager um and you know we found like a coffee shop and just chatted for a little bit um you know understood if it was a cultural fit if we vibed if we can work together but also like understanding where i was technically and then also seeing some like critical thinking skills very cool oh yeah and then i guess i was just like the first one and then i met it's a small team right so then i met with like the ceo and you know just trying to trying to vet me i'm sure to see so was it was it all there in vegas or did you meet your new manager and then over time you met with others in different occasions over time after i came back i met with others over um in the age of zoom like zoom calls nice anything is possible these days virtually yeah so you you attended defcon yes that like oh my gosh so this year what it's like don't get me started i'm so excited about this um so for our listeners before you dive into that i should have started with this what is defcon there you go i would say defcon is i believe the largest hacking convention um it's it's got all these different villages um i guess i should say it's during hacker summer camp so what hacker summer camp is it's this week this week in vegas first week of august um where there's a whole bunch of security and hacking conventions back to back you know you've got typically this year there wasn't besides las vegas or um the diana initiative um the diana initiative came prior and virtually but um you know then there's vetsec there's black cat and there's defcon this year i attended black hat and defcon um i actually attended them last year virtually and i was in everyone's ear at my company i was like send me next year we're going send me and like i was like i was like how high up can i go and how often can i annoy them about this i want to go i will represent the company i will do what i can but i i wanted to go so badly so this year was kind of a strange one because it was hybrid um and there were far fewer people than there are typically um i i believe typically it's like uh 20 30 000 you know something like yeah some kind of ridiculous number and i believe i know they capped it at ten thousand but you know it was it was less than that i think they mentioned eight somewhere there's still a lot of people though yes it was a lot of people and you know coming out of you know so much isolation and not being around people and you you did have to show your vaccination card and you had to wear a mask the whole time um you have to wear your mask everywhere in vegas but um it was it was still overwhelming you know i'm sure there were a lot of other introverts there where i'm like oh gosh i haven't seen this many people in so long i don't know how i can hang um but yeah no i don't know it was just it was a lot of fun i worked a lot of it you know i i had a booth in iot village um so what i was doing in iot village is i was showing people um some ine cyber security labs and we called it like pen testing 101 so we were helping um people get their first starts and you know pen testing hands-on and you know we were next to a lot of other really cool people like actually hacking iot devices we were just like kind of there um but nice so cool i mean there's like what car hacking village like right next to us too and like a tesla in there or something uh no just like normal cars um and they like taught people how that worked i didn't get to go there but maybe next year i didn't get to go to any talks or anything um because i was like working so much of it but um you know i the real treasures were the friendships we made along the way right well i i went there um i i i love the community like the cyber security community in general and i i think that's what really sucked me in um and kept me going kept pushing me through and so it was really just a meet-up with all these friends i had made um and that like i would go back like any day just for that you know i was like i've been like following you for so long and we've been talking like like typing to each other for like a year and i'm so excited we're finally meeting yeah that's awesome that's i kind of had the same reaction whenever me and aj met because it was like started on uh on instagram and here we are i love that see community it's all about community guys absolutely so i i want to touch on on networking for a little bit and to try to understand as an offensive security professional what level of networking knowledge did you have to like go and get right like i assume you know maybe learning about routing protocols is a bit too much but definitely like the tcp kind of handshake and the communication that goes on there and like knowing that to a really good level is probably pretty important so what kind of networking knowledge would you do you have and would you recommend to somebody that you know wants to go down the same path you're going on right um so yes you should unders have a basic understanding of like tcp in the three-way handshake and like udp because that helps you with like you know port scanning and um you know those types of tools like that um but also you know it is important to know like at least arp um for just in general i i don't know i i have a hard time understanding since i haven't really gotten any kind of networking specific certifications um what level is really needed and what is considered base level and what's further than that um so so do you think like uh going further forward in your current or your new job uh are you going to are they going to want you to get a network specific or network uh focused certification or do you have plans on doing that um just just curious it right you know and in the past i've considered like maybe studying for the ccna and you know stuff like that um if if anyone's an ind fan like i'm a big fan of keith bogart and his um courses um so i i will periodically like especially if i'm like driving i'll like put on some like of his like basic networking courses and um just let it kind of seep in and start driving um yeah i don't i don't know i i again had considered my my ccna um you know i'm not sure i i know new company will want me to learn as much as i can whether that will be cert based or not i'm not sure but i am positive that um attaining more networking knowledge will never stop um yeah you know well so let me ask this in the certification that you had the pen testing do they do they cover any kind of like networking technologies or anything like that like uh do other offensive um certs do they cover any kind of like networking or anything like that yeah so the ejpt that's what i got there their accompanying course is called the pts or the penetration testing student and that course is actually available in for free like entirely free on the irony starter pass um yeah you just sign up with an account and you get that entire course plus unlimited lab time it's nuts over to me um and the way that that course is broken up is or i guess learning path it's broken up into three courses um one being your prerequisite prerequisite knowledge um and then your prerequisite knowledge um skills in programming and then your penetration testing basics so in that first course um i'm telling you this is the course that took me freaking forever i was like banging my head against the table constantly trying to make sense of any of it um for a very long time before i progressed um but the way that's broken down is it basically teaches you um you know some like binary arithmetic and like hexadecimal like up front and then it goes into a networking portion and then a web app portion and then you learn so you do learn um a lot of networking basics okay um you know like of course you need to understand ip addressing and like you know cedar notation how do you pronounce that i've heard it so many different ways guys cider yeah cider here okay cider notation thank you um but yeah and then it goes into like you know tcp and udp and some art protocols and i'm sure a lot more than i am for getting off the top of my head since i haven't gone through this course in a little bit but it does go through that networking basics thank you gotcha wish to go down that route well you can tell ine that they might see an uptick in that course once this episode comes yeah a lot of people in our community that are always looking for that next thing yeah i'm telling you i would just highly recommend it it is like i literally came from like no no knowledge and i just used this course that is now free with unlimited lab time crazy again and the certification it's hands-on so it's not yeah because you said you take a capture file and you have to i guess you pull some information from that and then that's what you start your your uh penetration with you're given that and what like a letter of engagement from this fictional company and yeah pretty much that's that's it about it nice so you are given a free retake which may have come in handy are there any other certifications that you pursued before obtaining this this position um you know i started going into like another elearn security um certification but i things came up this year a lot of personal things um and learning wasn't always the top of mind or i guess like cert learning wasn't always the top like i was constantly like reading and like i feel neurotic sometimes i feel like i'm like going crazy if i'm not learning something um but it wasn't always in that focus but i also took a um cloud fundamentals certification exam that i am awaiting the results for from irony nice so learned a little cloud along the way very cool so what's uh what's next for you then what what sir are you looking for next i don't know man you know i i've been telling people for the longest time the ewpt which is the elearn security web app penetration tester okay um but i found myself like not studying for it at all and i instead have been studying in other courses that ioni offers um and i've actually been studying for like the e c p p t word word soup but that um elearn security certified professional penetration tester um so that's more of like abroad it has the web app but also has like the networking side of things um including but i don't know i'm just kind of learning as much as i can i got you that that's such like a key uh i don't know attitude to have if you're gonna be in this industry i love that about you like you're just dedicated to this lifelong learning and if you're an i.t and you you feel like you've learned enough boy you are you are in the wrong place i don't know how anyone feels bored ever so you you mentioned early on uh when you were doing the the customer success specialist thing that you were we're eyeballing some salary so has has the salary kind of lived up to your expectations oh it's been an increase yes nice um yeah i mean you know there's only so far you can really go client success and i did switch to marketing and january of 2021 um and you know it's it's it's been cool being in that position because you know i've learned a lot about social media um i actually started my twitter um i started tweeting back in like february um so that's been fun like i don't know it's been pushing me more into the community um but i mean there's only so far you can go with that too so um i even as an entry level yes it's it's a it's a bit of a bump that's exciting i mean sometimes i feel like people do research on salaries and stuff like that you're like oh i could make two hundred thousand dollars well not not beginner but that's that's cool that you were able to you know it sounds like you took some what is now free training uh got some really really good hands-on experience that you could speak to in an interview and you landed a job and you you got a decent salary bomb that's that's fantastic and it's the job that you were shooting for i know i thought i would honestly i didn't think it was entirely possible that i could start off an offensive security i thought i would you know have to start on that defensive side and like work in a sock and you know i'm not opposed to that ever and i i think it's like super cool too and i would learn a time but you know it's really even cooler than it just like went to what i wanted to do and i i just i don't want this to be taken lightly i mean 2016 in the grand scheme of things was really not that long ago no and from what you were going through in life and and trying to get things figured out with where you wanted to be and what you want to do to where you are now and where you're about to go that's that's incredible that i mean that's no time at all thank you i i'm really excited i mean when i even look back at it like i've only been at i any like a little less than two years since i started on october 2019 so um yeah it's definitely been a journey yeah with the pandemic and all that came with that like good heavens i am i i'm just proud that i i didn't quit i just like i would take time off and like don't get me wrong like i took extended breaks but i was still telling people like yeah i'm still gonna do it like just not right now um you know there's other priorities um i guess you know just to share my mom had like chronic kidney failure and i was her caretaker so a lot of 20 20. so i was spending a lot of time as like a full-time caretaker and and then in february of this year my father died and i'm an only child so i took care of that so um it's it's been like really wild to think of how much i have like accomplished with having a full-time job that is not technical and then also dealing with like family responsibilities as well so it's like it's it's super rewarding oh my gosh there was kind of a you know this this pandemic thing that started right around that time oh yeah i mean it's just going to be that didn't complicate anything oh man that's incredible wow yeah it's it's been fun yeah when i tell you like we just smile through it we just smile through it put one foot in front of the other we keep going i love that attitude that that's it's it's not like you got you know frustrated with the content or you just decided to you know not study one day like you had some real shit going on yeah yeah and obviously you had to re-prioritize and and studying for a certification definitely had to take a back seat for the stuff you were going through i mean that's that's incredible and man my hat's off to you i don't know that i could have done what you've done fit having faced everything that you have faced between the pandemic and then the stuff with your parents what what a journey my goodness definitely truly but it was at times cyber security in like the community was just such a safe safe space for me you know um everyone at least in the circles i ran in um you know i can't speak for the all of the internet in that toxic waste but um everyone was really encouraging and you know i wasn't always like sharing what was happening behind the scenes but people were rooting for each other to succeed and had similar goals and we're connecting on that and helping each other out and um that was always like i don't know i was like well you know what i'm just gonna go online for a little bit and hang out with my cyber friends and um it made things really easy or easier for me to keep going in that space um and to focus on that and there were times where you know you know i was not very uh doing very well mentally but i would find myself really focusing in on like i went through like a old defcon um talk phase where i spent like an entire month just like binging old def con talks and like learning as much as i could in that um so i don't know it was just always like i i leaned on the community so much so love the community well on that note let's talk about where can people find you you said you're on twitter what's what's your twitter handle yes i'm sec lil c that's s-e-c-l-i-l-c excellent uh what what other social platforms can we find you on um i am on linkedin that's lily lily clark um and then also i kind of post some memes sometimes to my instagram also suckle c at sccl ilc nice i love it um it's i can't believe it this has been probably one of the fastest hours i've i've been a part of uh lately uh unfortunately we do have to start buttoning up the show um do you have any advice for anybody that might be you know wanting to get into offensive security or maybe just the the security profession in general absolutely put yourself out there um you know don't worry so much but people are thinking you know find a platform that works for you whether that's twitter linkedin discord um and just put yourself out there put your put your wishes out there put your goals put what you're studying what your findings are um the more that you engage uh the more the good will come back to you oh i i love it i couldn't agree more i really couldn't agree more uh guys any uh parting words of wisdom before before we sign this one off i just want to say thanks for joining us uh and recording this i really think that people hearing this you're going to help a lot of people that are in similar situations or are getting to that pivot point where they think they need to find something new i i think what you said is is really going to help and i will echo the the community discussion when i started trying to kind of put myself out there i kept coming back to well what do i have to say that's meaningful and you just had to start and the amount of people i've met the these guys that we're sitting here talking to now that crazy of them to invite me to come on here and do this but the amount of people you have the connections you make it's an everlasting uh benefit and you just got to get started so yeah i will definitely echo that sentiment dan anything you took my what's red team versus blue team i was just getting rid of that okay okay all right we tried dan was yeah that's scary no i mean i just literally i'd say the same thing uh sorry timmy got a mental image of me there um now i would say the same thing like uh exactly what lily was saying uh when i started tweeting more and like talking about what i'm working on and stuff like that it just it just floods in people people comment on what you're doing like i would put questions out there like i was working on some python code and i'd put questions and i got so many answers and then and then i could reply back and be like wait what do you mean right here though and then it just kept going it was crazy like i was not expecting that and so it helped me on things so definitely what she said about putting yourself out there that's major absolutely lily anything else you want to add before we sign off uh yeah i want to tell a dad joke real quick please here we go tim is ready get your pen and paper so many of these i i only have two that i like to pull from but you've probably already said this on here uh why couldn't the lifeguard save the hippie from drowning why not because he was too far out man oh my god oh that's great i do i do now that you say that lily i do have actually an infosec one that i learned just today okay why did the cso leave the company he ran somewhere nice that's great aj you can cut that one out brother yeah no no no no no no that was good that's gonna make it back to the intro that's great did you say you had two um i have another um i'm trying to think of like the best way to set this um went up oh yeah did you hear about that superhero with a lisp that had leg day yesterday nope no he's thor oh my i can just feel the cringes that's great that's great all right well she is lily clark we will put all of her socials in our show notes we will also put all the additional things that we mentioned here tonight you know the kali linux the parent was it parent i i never heard of that until you mentioned it i'm definitely going to check it out myself uh so we'll definitely add links to the show notes in there as well uh and the free training and certification that you mentioned provided by ine we will throw that in there as well so if you're interested in the training that lily has completed and scored a new job with you can find that and more in our show notes lily thank you so much for joining us tonight this has been a real pleasure truly thank you so much for having me on i had a really good time awesome well join us next week for another episode of the art of network engineering thanks please don't actually try to throw a 6500 off a building hey everyone this is aj if you like what you heard today then make sure you subscribe to our podcast and your favorite podcatcher smash that bell icon to get notified of all of our future episodes also follow us on twitter and instagram we are at art of net edge that's art of n-e-t-e-n-g you can also find us on the web at art of network engineering dot com where we post all of our show notes you can read blog articles from the co-hosts and guests and also a lot more news and info from the networking world thanks for listening you