.png)
The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
The Hacker's Cache
#51 Q&A: Why YouTube Took Down My Wi-Fi Hacking Video
In this Q&A episode of The Hacker’s Cache, I answer your top questions about breaking into cybersecurity from a software engineering background, whether an associate's degree is worth pursuing, and how I prepare for CompTIA certifications using third-party resources. I also open up about why YouTube took down one of my most popular Wi-Fi hacking videos, how it led to a permanent warning on my channel, and what that means for future technical content. If you're navigating the transition into cyber or want to hear the behind-the-scenes reality of cybersecurity content creation, this episode’s for you.
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
"Did YouTube by chance remove one of your videos just recently"? And I love this question because It gives me a chance to tell everybody. Yeah, that video got removed. I got a strike for, I'm doing air quotes right now for the listeners, Harmful and dangerous content.
Now my channel is on a forever warning. If they take down one video of mine, straight to strike, no warning. You're not gonna see any technical videos on my channel for the next three months or so.
Like I said, I want to try to find a way to upload these technical videos in a different platform and yeah, I'll let you guys know what happens. Hi, I'm Kyser Clark and welcome to The Hacker's Cache. The show that decrypts the secrets of offensive security one bite at a time.
Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you. Thank you for tuning in.
Today we have another Q&A episode where you, the viewer slash listener, ask questions and I answer them here on The Hacker's Cache podcast. You can ask your questions by dropping a YouTube comment or dropping a question in the discord server and I pull the best questions from each of those locations and then I bring them here on the show. So ask your questions and I'll feature them on the show.
So without further ado let's go ahead and dive into the first question. Question number one. I'm a software engineer for a bit more than 10 years now and thinking about shifting into cybersecurity in the near future.
Is it something any people here have ever done? Any regrets or advice? So I will say this. I have never been a software engineer, but I do know for a fact that it has been done many, many times. If you just go on LinkedIn there's tons of professionals that you're able to connect with that you can see that they came from a software engineer background.
Matter of fact, a couple episodes ago I had John Kinellas who used to be a software engineer and he's now an AppSec professional and he's got some higher-end Office Security certifications. So it's definitely possible, especially with 10 years of experience. You are sitting really good.
I mean the hardest part is getting your first tech job and that's nothing to ignore right there because a lot of companies, a lot of employers, they want that tech experience and if you have a few years of tech experience, then you're going to be able to break into the field a lot easier. Now, it's not easy. It's never easy even if you have 10 years experience, but the more experience you have in the tech role such a software engineer, the better off you're going to be and that's the main thing.
So that's a pretty common question I get from people who are already in tech, you know, maybe you're a network engineer, maybe you're a system administrator, maybe you're a help desk. Like that's the hardest part. Getting your first tech job is actually the hardest part into breaking into cybersecurity and often that's the prerequisite for a lot of places is getting that first tech job and getting experience and then migrating into cybersecurity.
Now, you don't have to get that first tech job, but it helps substantially and some employers will not hire you because they believe you have to have that tech experience before you can secure things. So, I don't know. There's a misconception out there that, you know, people think that if you have a lot of experience in tech, that's not cybersecurity.
There's no correlation. There's a lot of correlation, man. There's a lot.
A lot of those tech jobs, software engineer being one of them, it correlates into some cybersecurity roles, specifically AppSec or like a web app pen tester and you know, source code review. So, there's a lot of opportunity for you there, especially with 10 years experience. I mean, that's a lot of experience.
I mean, I don't even have 10 years experience in IT. You know, I have a total of seven years experience in cybersecurity and IT combined. So, you're sitting pretty good.
All you have to do is get your certifications, get your training and start applying and, you know, figure out what your passion is. If you're coming from a software engineer position, you have a good background in web development. So, source code review, AppSec and web app pen testers is some roles that you'll probably find that come a little bit easier than some of the other roles, but you're absolutely not locked into those types of roles.
You can go any way you want. And yeah, because I learned how to do web app pen testing and I didn't come from a software engineer background. And so, you can definitely learn the other avenues like network pen tester or like cybersecurity analyst, cybersecurity engineer, even coverage risk compliance.
So, a lot of opportunity for you and you're in a really good spot. You just got to put in the work, do the training, get your certifications and start networking with people and you'll find yourself into a cybersecurity position in no time. That should be a relatively easy, easier shift for you compared to someone starting over, starting from scratch or someone that only has a few years of tech experience.
Question number two, starting my associates in cybersecurity degree this fall. What do you think about an associate's degree? This is a really interesting question because this is something that I don't really talk about, right? Because I usually talk about four-year degrees and master's degrees because that's what I have. I have a four-year degree and a master's degree.
I don't have an associate's degree. I'm actually one class away from finishing my associate's degree and I just, I never did it because I didn't really feel like I needed to because I was already got my bachelor's degree and I was like, well, I'm gonna get a master's degree anyways. So, you know, the associate's degree is never gonna pop on my resume.
So I was like, well, I don't really need this. I mean, even it would be relatively easy for me to go do one class and get the associate's degree and I still might go do that just because I don't like to leave things unfinished, but it's really not gonna move the needle for me because I have a bachelor's and a master's degree. Now, if you have no degree, yeah, then an associate's degree is definitely gonna help you, right? You know, associate's degree is better than no degree, right? So there's that.
Generally speaking, you know, I feel like most employers, most job postings, they don't, they're not asking for an associate's degree. They're typically asking for a bachelor's, a four-year degree or a master's, which is typically another two-year degree on top of the already four-year degree. So it's kind of like a six-year degree.
But yeah, like, I don't know. If you want to get an associate's degree, I would, there's, I wouldn't say don't do it, but at the same time, I don't expect it to move the needle for you a lot either. I would really try to push for the four-year degree because that's where a lot of companies are kind of want you at.
I did a video about college degrees. I don't know, a couple months ago now. If you, if you scroll my YouTube videos, you'll find it eventually.
But I did that video and I talked about pros and cons of degrees, whether I think it's worth it or not. And it really just depends, you know, I, on where you're at in, in the process, in your career, in life. I typically don't think debt, going into debt, is worth, worth it for a degree.
But if you can afford it, then I don't see why not. But if you can afford the four-year degree, then I would, I would put two more years and get the four-year degree because that will actually move the needle for you. Degrees are still needle movers in today, but they're, over time, they're becoming less and less needle movers.
And by needle movers, I'm talking about like, how much does it affect your career in a positive way? Like, does it open up doors for you? So, degrees are becoming less and less relevant over time. So just keep that in mind, but they're still relevant today. So, you know, if you want to get an associate's in cybersecurity, it's, like I said, it's better than no degree, and I think it's a good start.
And, you know, it's gonna, if you get that, then it's gonna let you know, like, hey, is college for you? Is college not for you? And then you can form an opinion. You can build on top of that, or you can, you know, go a different route and get certifications. I still think certifications are better than degrees overall.
Like, I would take, if I was a hiring manager, I'm not a hiring manager. I've never hired anybody. I've never even interviewed anybody, as far as, for jobs, obviously.
I interview people on this show, but that's a different type of interview. But, yeah, I'm not hiring people in cybersecurity. But if I was, I would probably like to see someone with, like, five certifications over a degree, personally.
That's just me. But it helps to have both. This is why I have both.
This is why I have a lot of certifications. This is why I have a bachelor's degree, and this is why I have a master's degree. Because you can't eliminate me for anything, because I have it all.
Well, almost all. I mean, I don't have any, like, CVEs. I don't have, I think it's pretty much, I don't have any bug bounties, either.
So, CVEs and bug bounties is two things that I'm lacking. But the certifications and the degrees and the hack the box of TriHackMe leaderboard, high leaderboards, I don't think the ranking helps you on those platforms. But definitely going through the challenges on those, it definitely helps.
The employers like to see that. But I think, for me, in my opinion, certifications are the biggest needle mover, followed by college degrees. Now, experience trumps it all, right? My six years in cyber defense operations went by, that helped me out so much more getting into my first pentesting job than those certifications.
But those certifications helped a lot, too. I mean, like, I don't think I would be, I would have got a pentesting role if I didn't get those certifications. I probably would have got out of the military and got another help desk role or a sysadmin role.
So, without those certifications, I don't think I would have landed as a pentester. So, like I said, certifications, huge fan of them. I know a lot of people don't like them, but I love them.
And that's the reason why I have a lot of them. There's a reason why I'm going to get more. But they're not everybody's cup of tea.
And if that's not your cup of tea, that's okay. You know, there's a million ways. I always say there's an infinite paths in cyber security, so you can go whichever way you want.
But yeah, so I just agree. I think it's a fine start. It doesn't hurt you at all.
But I don't think it, like, helps you a lot, if that makes sense. I think it helps a little bit, for sure. Everything helps.
There's nothing that's absolutely bad, unless you're getting the CEH. You're not just getting the CEH, it still has... The CEH still has some relevancy, too. It does help you a little bit, too.
Although it's become less and less relevant over time. Like college degrees. Okay, moving on to the third question.
I could have sworn that I watched a YouTube video from you about Wi-Fi WPA2 cracking just the other day. Did YouTube by chance remove one of your videos just recently? And I love this question because it gives me a chance to tell everybody, yeah, that video got removed, right? And I wasn't able to just, like, tell anybody because YouTube... So my channel is on a permanent warning, guys. It's on a permanent warning because I got a strike for... I'm doing air quotes right now for the listeners.
Harmful and dangerous content. I made some videos about Hydra and how to brute force passwords. And I had two warnings in a very small window, which equals a strike.
And because of that, I got a strike for the same thing in a short window. Now my channel is on a forever warning. Like, I can never get rid of the warning.
So if I mess up, if they take down one video of mine, straight to strike. No warrants. Straight to strike.
And when I get strike, then I can't upload for a week. And then they take the video down. And yeah, I'm really glad you asked this question because it gives me a chance to kind of talk about it.
Now, I did talk about it on social media on LinkedIn. It was kind of a... It kind of blew up on LinkedIn a little bit. But if you're not following me on LinkedIn or if you're not following me on LinkedIn, then that's okay.
But that's what happened to that video. And it just gives me a chance to explain what happened there. And yeah, so why did that happen? You know, I don't know.
Because it's Wi-Fi hacking, I guess. It hits too close to home. Everyone has Wi-Fi, right? Everybody has Wi-Fi.
And when you teach people how to hack, literally anybody on the planet, technically. I mean, everyone, like I said, almost everybody's got Wi-Fi in their home. YouTube didn't like it.
Even though I put in the video that this is for educational purposes only. Don't do this illegally. You know, they still didn't... They still flagged it.
But it's not just me. I thought it was just me because there are some other Wi-Fi WPAD cracking videos out there on YouTube. Tons of them, by the way.
Tons of them. But mine got struck down for some reason. But YouTube, they enforce these videos.
It's not consistent, right? And I've had several content creators reach out to me and say, hey, this happens to everybody. It's not just you, right? But what is weird is that they just randomly pick videos sometimes. And that's what makes it seem unfair.
But almost everybody's had videos taken down in this cybersecurity content creation community. So I'm not sweating it. I mean, I wish YouTube didn't do that to our videos.
And that reminds me, like, I do want to start pursuing a different way for technical videos. Because another reason why I think that video got taken down is because I correlated it to the real world. Because that's, I mean, that's important, all right? If you want to do this stuff for real and do real world pen tests, then I try to correlate it to the real world impact.
And when I did that, it just, YouTube's like, whoa, whoa, this is real world impact here, you know? Like, you know, I went, I did go deep. I did go deep on that video. It was a fun video.
By the way, you can watch this video on my website, Kyserclark.com, on my blog. It's actually, I think it's, if you're watching this at release time, it's one of the most recent ones. But yeah, just if you, if you're listening or watching this later in the future, just go to the search bar on Kyserclark.com and just type in, like, Wi-Fi to APA2 Cracking, and you should be able to find it.
And yeah, that video, you can watch for free on my website. And I don't get any ad revenue for that one, but it is what it is. Yeah, and that was a good video, though.
I really liked that one. And I want to do a Wi-Fi hacking series. I was going to make several more Wi-Fi hacking videos because there's different ways you can do Wi-Fi hacking.
There's other techniques and there's different attacks that you can do in Wi-Fi. But now I'm afraid to do it because YouTube don't like it. If I get struck again, then I got to go two weeks without uploading.
If I get struck three times in a 90-day window, then I get permanently banned. So I got to chill on the technical videos. You're not going to see technical videos from me for the next, I think, 90 days.
Yeah, 90 days I have to go without getting another strike. So YouTube, they let this kind of content fly. They let my career advice videos fly.
It's just the technical videos. More times than not, they let it go. Like they're allowed to put it on there more times than not.
But just every once in a while, your technical videos get taken down, which is most unfortunate. So you're not going to see any technical videos on my channel for the next like three months or so. So it's unfortunate, but I just have to play by the rules.
I had to deal with that handicap. I'm actually, like I said, I want to try to find a way to upload these technical videos in a different platform. And yeah, I'll let you guys know what happens there.
I'm still going to keep trying to post on YouTube technical videos. But it's pretty clear that they don't want Wi-Fi hacking. So I'd like to put the whole series somewhere else on a different platform.
So very unfortunate. But yeah, I really like that question because it gives me a chance to explain it to everybody who follows my content that doesn't follow me on social media. OK, last question.
Question number four. You said you use third party training for all your CompTIA certs. Since I'm doing the same, can you share what is the third party training for CompTIA? Thanks.
Yeah, so this is a question I get a lot, actually. Like, hey, what do you use a study for certification? So for CompTIA, though, my order of operations is like the first thing I like to do. I like watching a video series and I go to CBT Nuggets or I go to ITProTV.
I think it's called ITPro now. I don't think it's TV anymore. But I go to either one of those platforms.
Both of them are good. Both of them are high quality. But I guess ITProTV is like they kind of let go a couple of the instructors, which is most unfortunate.
But I did really like ITProTV. Where do you go? It really just depends on the instructor for me. So for Security+, I went to CBT Nuggets.
Keith Barker was a great instructor for that. For Linux+, once again, I went to CBT Nuggets. Sean Power was a great instructor for Linux+.
What did I do after Linux+, I think it was, was it Pentest Plus? I think it was Pentest Plus. Pentest Plus, I went ITProTV because Daniel Lower, he was an instructor for that and he was a really good instructor. And I went there because even though I like Sean Powers for Linux+, and the Linux content, excellent Linux instructor.
He was doing the Pentest Plus on CBT Nuggets, but he wasn't Pentest Plus certified. I was like, man, I don't really want to learn from someone who isn't certified in that search. So that's a big deal for me.
Like if you're going to teach a cert, I feel like you have to at least have it. And as much as I love Sean Powers, I love this content. I just like, man, it doesn't have Pentest Plus as far as I know.
It wasn't advertised anyways like that. And so I went ITProTV and I went Daniel Lower. Great instructor, by the way.
CYSA+, once again, ITProTV, Daniel Lower, good one. You can also go Dion Training. He's got really good training as well.
He's got, it's not CBT Nuggets or ITPro. He, I think it's just Dion. If you Google Dion Training or Dion Contia, you'll be able to find him.
He's a good instructor too. Although that wasn't my main video course. That was like a supplementary video course.
What I did for his course, I didn't even watch it. I just listened to it. I got the app.
I got the Udemy course and I just listened to it on to and from work, like a podcast. And that's a really good way to passively consume the content. It's a good auxiliary.
And then I, when I got to back home after work, I would watch the video, the ITProTV videos. For Cloud+, I went CBT Nuggets and I went CloudBart on that one. So that was, that was an instructor for that.
And that was a good course. I went SecurityX. I have that certification.
I actually didn't study for that one. So I don't have a recommendation there, but you can go either way. There's, there's courses out there.
You just got to Google around. ITProTV makes solid content. CBT Nuggets makes solid content.
And then after the video course, guys, I like to do a book, a study guide book. So I go to Amazon. I type in CompTIA, whatever cert you want.
It'll say, hey, Linux Plus, study guide. And you're going to get some several options. And for more times than not, I like, I like the Cybex published books.
They got various authors, but the ones that are published by Cybex are quality books. For Security+, I did the Get Certified, Get Ahead by Daniel Gibson. Unfortunately, he has passed away.
And I don't know if they, if, if there's the Get Certified, Get Ahead is still going on, but that's what I use for Security+. All the other CompTIA certifications, I go Cybex. And yeah, Cybex makes some quality, quality books.
But there's all, there's other options out there too. Just read the reviews and, you know, read about the author. Like see what the author's credentials are and just whatever you think vibes with you.
And then you really can't go wrong, right? As long as it's got some decent reviews on Amazon or whatever books are your bindings at. Also, get a practice question book. You want to do as many practice questions you want.
You want to do at least a thousand for every certification. The harder the certification, the more questions you want to do. But if you do a thousand questions, you're sitting pretty good.
And it's okay if you miss, I always tell people this, it's okay if you get like, if you see a 40%, 50%, 60% on your practice questions, like that's pretty normal. Especially at first, if you're getting 40%, it's like, that's, it looks really bad. You're saying, dude, this is an utter failure.
That's pretty normal for, for the first couple of practice questions. But by the end, if you are in the high 60s or the low 70s, you're, you're sitting good. In my opinion, like if you're sitting high 60s, you should want, you should be aiming for like mid 70s.
And if you're getting mid 70s, you're absolutely ready for the actual exam. Because these practice questions are typically harder than the real exam. And in my opinion, in my experience, very rarely do I get an 80% or higher on a practice question, a practice test.
That's just how hard practice questions are harder than the real exam, which is good. Because when you get in a real exam, you're like, man, this is easy. So yeah, if you're getting high 60s, you can probably, you can take the exam.
You're, you're probably going to, there's a good chance you'll pass. If you're in the 70s percents in your practice questions, very good chance you'll pass. Not guaranteed, obviously, but that's, that's kind of the benchmark.
And like I said, you want to do as many practice questions as you can. Speaking of practice questions, if you get a subscription to CBT Nuggets or IPProTV, they also give you practice questions and flashcards that are the same. So for example, if you get the CompTIA Pentest Plus CBT Nuggets course, and you get the IPProTV Pentest Plus course, those, you get the same exact flashcards and you get the same exact practice questions, no matter what.
And I know this because I use both platforms. I don't, I'm not subscribed now, but a handful of years ago, that's how it was. I'm assuming it's still the same.
If not, let me know. And yeah, I won't get that advice anymore, but I think I would imagine it's pretty much the same. Really good practice questions.
Once again, they're pretty hard. You should shoot for 70% or higher, but if you see 50s and 60%, that's pretty normal, especially if you're starting out and even 30%. I mean, there's been a couple of practice questions tests that I gave myself where I got like 30 something percent.
You're like, oh my gosh, let me read that chapter again, dude. And that tells you you're in a weak spot. So yeah, it is a struggle and it's not, none of this stuff is easy to get right.
Like I struggle with every certification I got, even though I didn't like a lot. Most of my certifications I got, I have passed on the first try, but I have failed hundreds of practice tests, guys, hundreds of practice tests. So if you're failing practice tests, that's perfectly normal.
And you want to fail the practice tests a few times because that's how you get better. And that's how you learn. Anytime you miss a question, you're like, oh, I missed that.
Why did I miss that? And then that's a learning opportunity. You actually learn more when you fail a practice test than you do when you pass, in my opinion, because typically when I pass, like when I get a question right, I don't really read the explanation, but if I get it wrong, then I read the explanation and then that's a learning opportunity. What else do I do for Conteo certifications? That's pretty much it, guys.
You know, once again, to recap, video course, certification guide, practice question books, and then the video course CBT90s or ITProTV comes with. Typically, practice questions, flashcards, and that's it. And if you fail for whatever reason, then you can get another video course and you can get another study guide.
I would read the study guides cover to cover from front to back. And another hint here I would, I like to do is before you read the chapter, take the end of chapter practice test, which is like 10 to 20 questions long. They're not very long.
They're not full practice tests. That's why I recommend getting a dedicated practice question book because they do have like 100 question practice exams and those 80 to 100 practice questions. But the ones in the study guide, those are like 10 to 20.
And I think they give you like one, maybe two practice exams. And sometimes, actually, they give you even more on the online. So if you register the book online, you can get even more.
So you want to do as many practice questions as you can. So yeah, that's what I do for Conteo certifications. And the reason why this question was asked, actually, is because in my PT1 video, the Tri-Hyper PT1 is a new Pentest certification, for those who don't know.
That I mentioned that because they did a cost comparison and it's like, yeah, that Conteo Pentest Plus is like $1,100. I'm like, no, it's not. It is $1,100 if you get their Conteo official training.
I've never used a Conteo official training because it's expensive. I mean, I don't even know if it's good. I mean, I imagine it's pretty good, but it's expensive.
So that's why I use third-party training and not the official training from Conteo. And just in case you are wondering. That's why that question is asked because I was like, yeah, guys, I just use third-party training.
I don't use official training because it's cheaper. Then you can get it done for a lot less money. And there's some pretty good third-party options out there.
Like I said, I like the Cybex books, but there's other publishers out there. And then there's other video courses out there too. There's Udemy courses too.
It doesn't have to be IP Pro TV or CBT Nuggets. You can get a Udemy course. And like I said, Deon training is pretty good.
Just go with what seems right to you. And then if you fail, not a big deal. Just go get some other training.
All right, guys, that is all the questions I have for this episode. This has been a little bit of a shorter episode, but that's okay. It was straight into the point, which is probably pretty good.
I mean, I probably rambled a little bit there, but you know, oh, this one's nice. Keep it a little short. Anyways, guys, thank you so much for watching.
Thanks for listening. Hopefully, I'll see you on the next episode. Until then, this is Kyser signing off.
