The Hacker's Cache
The show that decrypts the secrets of offensive cybersecurity, one byte at a time. Every week I invite you into the world of ethical hacking by interviewing leading offensive security practitioners. If you are a penetration tester, bug bounty hunter, red teamer, or blue teamer who wants to better understand the modern hacker mindset, whether you are new or experienced, this show is for you.
#52 The Ultimate Hacking Wisdom Compilation
This episode marks one year of The Hacker’s Cache.
To celebrate, I’ve compiled the most powerful, insightful, and thought-provoking moments from every single episode of Season 1, all 52 of them, in one back-to-back highlight reel.
This isn’t just a recap. It’s a front-row seat to the best hot takes, bold opinions, unique insights, and raw truths from some of the most driven minds in cybersecurity. Whether you're a red teamer, aspiring hacker, or cybersecurity professional looking for real-world advice, this episode is packed with the type of wisdom you don’t usually get in one place.
You'll hear perspectives on:
- Breaking into cybersecurity without a degree
- Penetration testing vs. vulnerability assessments
- Active Directory labs and red teaming tips
- AI in cybersecurity (real hype or real threat?)
- The OSCP, burnout, bootcamps, and job hunting
- Soft skills, report writing, and real hacker mindsets
- And why the Nigerian prince still works in 2024
If you’re new to the show, this is the perfect place to start.
If you’ve been here since the beginning, this is the ultimate rewind.
Welcome to Season 2. Let's get to work.
Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY
Music by Karl Casey @ White Bat Audio
Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.
Opinions are my own and may not represent the positions of my employer.
Welcome to The Hacker's Cache, the show that decrypts the secrets of cybersecurity one byte at a time. I'm your host, Kyser Clark, and I'm so glad that you have decided to tune in to this episode, because this is a very special episode: it marks the one year anniversary of my show. And because it's the one year anniversary, we are celebrating the end of season one and the start of season two.
And this episode is going to be a compilation of the best moments of season one. More specifically, it's all of the intros from every episode in season one. So without further ado, enjoy.
So here's my hot take. Security is not everybody's responsibility. A person who is an accountant, they don't care about cybersecurity.
And unless you put cybersecurity in a job description, people don't care. They go to work and they get their paycheck and then they go home. That is like the majority of people out there.
We can't rely on end users to be vigilant. All they care about is doing their job and they will take every shortcut that they can to accomplish that job. I don't know.
I just want to do something great in the world that would benefit humanity or before I get really, really old and kick the bucket. That's a great take. That's honestly a great mentality to have.
I think the same way. I'm the defender of cyberspace and I'm trying to make the world a safer place through security because pretty much everybody I know that's not in security, they don't care about security and they're relying on us to protect them. Another thing that would help transition a penetration tester to senior status would be to have years of experience doing different types of penetration tests, whether it's network penetration testing, web application penetration testing, API penetration testing, or ICS SCADA or IoT penetration testing.
Someone that has well-rounded skills would help them transition from a regular penetration tester role to senior penetration tester role. What's the best way to learn how to pen test Active Directory? Probably hack the box, not specifically their active machines, the pro labs that they have. In my opinion, I've done half of them, I think two out of four.
I would say they're well worth it. I've done the introductory one, Dante, and then the more so intermediate one, Offshore, which is super good, highly recommend if you want to specifically learn Active Directory testing. It has a couple of different forests or domains that you can test that are all Active Directory joined.
Probably really isn't a hot take, but a vulnerability assessment isn't a pen test. Running Nessus or a web app vulnerability scanner is not a pen test, and just because you want that check mark, there's still plenty of underlying issues. A lot of people don't understand.
I think the real problem with differentiating a pen test and a vulnerability assessment is that people who sell vulnerability assessments as pen tests, those people, they're almost like scammers. They're almost on the scammer level. It's like they're doing a vulnerability assessment and calling it a pen test and then charging company pen test money to get it done.
That's why I think it's important for anybody in this field, if you accomplish anything, just share your story because someone wants to hear you. I agree. There's going to be somebody out there, and I think that helps your imposter syndrome too.
You talk to that individual and they're like, you know what? That really helped me. It's like, okay. I'm actually helping people.
That's amazing. That's great. You're not an imposter.
Pay it forward. It helps you. It helps the community.
It's great for everyone. I love AI. I think it's awesome.
I think it's the future. It's great. Is it going to cause bad stuff? Of course, everything does.
I think this is just the beginning, and I think it's really huge. There's plenty of people that think it's overrated and they think it's not anything special. Yeah, I agree with you.
It's definitely a huge thing, and there are people that are kind of like sweeping it under the rug. I don't think it's a fad. I don't think it's a fad at all.
I really do think if you're ignoring it, then you're going to get left behind in this competitive field. Just vulnerable boxes, like Metasploitable, and some of those other vulnerable systems that you can set up. I would do that, go through pen tests, type up reports, and I actually submitted one of my pen test reports with my application.
Wow, that's great. I never heard that before, uploading a pen test report to the application. Awesome for you for coming up with that.
Did you come up with that on your own, or did someone tell you to do that? No, honestly, I did come up with that on my own, because like I said, I was so into making that transition, I was just ready to do whatever I could to land something. Silence the noise. Cybersecurity is a beautiful field because we have so much information available to us.
Cross-site scripting, how to get a job, why your resume sucks, and I know for a fact there's people that don't like me out there. Not everybody likes me either. There's going to be people that just disagree with you.
When you listen to advice out there, definitely take it with a grain of salt, because no one has all the right answers. We're all figuring this out together. No one knows everything, and there is infinite paths into the world of cybersecurity.
There is no one right way to do this. This is your journey. When you're doing a red team engagement compared to a penetration test, do you feel more like a threat actor at that point? Oh, absolutely.
That is the best cure to imposter syndrome I think I've ever had, was if this were a real phish and this were a real everything. If I was actually a bad guy, I'd be a millionaire right now. The company was thrilled with us too.
They loved it, and I was like, okay, I did some good. How much malware development does a red teamer have to know? Can you get by by not knowing how to develop malware? I would say you can get by, but you're going to have a really uphill battle with it. It's a difficult realm for getting hired these days.
If you're listening to this and you're like, man, I filled out 100 resumes or job applications and sent out my resumes. It is hard. It's not just you.
It's where the industry is at the moment, unfortunately, where the economy is in the moment as well. I was getting out of the military and I got rejected several times. It's just going to happen.
The best thing you can do is just pick yourself up and keep going. If someone's going to give you a chance, you just got to don't give up because if you give up, it will never happen. My advice would be something like stay creative if you're doing hacking because most good hackers are really creative minds.
I've been trying also to apply that in my work and trying to connect with creative people. That really helped me. I would advise people to collaborate with others.
You will learn and you will teach at the same time. The hacker spirit is like sharing information and teaching the community at large. Definitely don't be afraid to reach out to people and just have a conversation.
Most overrated cybersecurity certification? The OSCP. You said OSCP and I did not see that one coming. Honestly, I did not see that one coming.
What would you say to people that might have a couple of certifications and they're not getting any job offers? Rule number one is to stay consistent and never give up. The job market sucks right now. I'm just going to be honest.
It is so brutal. You never want to lie in your resume. You never want someone to ever go out of their way to take the exam for you.
It can only lead to problems for you, not for the other person. Time management. If you spend all five days pentesting in that report, it's due Monday.
Guess what you're doing over the weekend? I may have spent some extra time finding a couple extra ways to get to DA, but totally dominated the network arguing with their C-suite because they wanted to downgrade every finding. I didn't even know what enumerate meant and he was telling me to take the OSCP and boy, did I get destroyed. The AI is not taking our jobs.
We're in a safe field. Good note-taking. It took a while to dig down in what note format I liked.
To be on the path of being a really good Red Teamer, you will need social engineering skills. Having that skill set of social engineering whenever you go into Red Team engagements is a huge plus. That's what's worked for me to get internal access on my Red Team engagement.
It's always been through social engineering. I went into a conference room, found the network port, plugged it into my laptop. That's whenever the four other people were like, can I help you? What are you doing here? I was like, oh snap.
I'm busted. He was like, I probably shouldn't be telling you all this stuff because you're in social engineering club. My boss is going to get mad if I tell him that.
Anyone can get in cybersecurity. It doesn't matter what your background is. It doesn't matter who you know right now.
You don't have to have a college education. No one is born knowing the information. We have to learn this.
You have to stay consistent. Discipline beats talent every single time. You're just going in the lab and you just can't seem to get it right.
That's part of the process and that's actually when you learn the most is when you fail. You have to keep studying. You have to keep learning cybersecurity.
You can't take your foot off the gas. As a Red Teamer, you have to stay up to date every time you are emulating threat actors. If you are trying to emulate the threat actors, you are trying to go above and beyond.
Prepare your mind. It's not an easy PC. It will be an easy journey.
You chose this field. Nobody forced you to be here. Put in effort to kind of understand the field, your specialty.
Be a better version of yourself every time. Always aspire to learn. Once you are away from the steep learning curve and once you're starting to get the hand of it, then you'll definitely enjoy the output that you get.
So that's why it's also the most rewarding and also the most challenging part. There are just two categories in bug bounty. One is first come, first serve.
And second is just focusing on one target, going into the depths, doing some research and end of the day, you're finding a zero day in a product. If you want to be someone who is really quick at hunting bugs, you can be someone who can automate a lot of recon process. At that point, I was kind of somewhat afraid of what was going to happen with my position and started asking questions about offensive security and Red Teaming.
Took the OSCP on my own dime. When I passed it, it was one of my happiest times because it was my first OffSec certification and finally being able to feel like I can do something rather than just Blue Teaming. I think for some people, they do need to be spoon fed.
At the end of the day, you're responsible for your own career path and your own growth, right? It took me three years to get a contract basis with the company. And then it took me a little while longer to get a full-time job. I'm not the typical 70 percenter that just does their eight hours a day and does the bare minimum to get by.
I'm not here to play games. Quitting is not an option. How much sacrifice are you willing to make? There's so much competition.
You need to get as much education as you can. You need to search as you can. You need to separate yourself from the average.
This is not easy. So suck it up buttercup and stay persistent and you'll make it. When I was trying to really get into it where people were saying, you're not going to get in.
It takes many hours to get through the content. You're staring at your screen all day long. Yes, you're learning cool things.
Yes, you're doing cool things, hands-on learning. But you start to push aside your family, your friends, your free time. Everything goes into getting that.
You burn all of your free time. Everything becomes an inconvenience. The sacrifices are real.
They really are. It's like that one cousin you wish you weren't related to. You get to shape a lot of the company's growth or the app or the website's growth or the mobile application's growth.
You can quite literally shape what APIs it has available. When you're working with AppSec for a web app, you're stuck with there. For me, two years I'm working with that website and it's never going away.
Whack-a-mole moments because they'll always pop up and you always need to whack them back down. AppSec forced my view of cybersecurity to be much more holistic. I think about it as an investment into your future.
I quit playing video games and video games are expensive. I spent thousands of dollars on video games. Once I stopped doing that, I had so much more money that I didn't realize I had.
Money management is a huge deal when it comes to your cybersecurity career because the more money you have, the more money you can invest into your career. I would say also for people that are in tech or trying to get into tech, I would say don't sleep on your transferable skills. If you're good at talking to people, if you already work tickets, if you reset a password, put that on your resume.
When I put it on a resume, I call it risk analysis because I'm evaluating risk. That sounds more cybersecurity because we got risk management framework. It's all about wordplay.
Looking back, I think we thought cybersecurity was only hacking. I think we thought that was all it was. It wasn't anything.
Our cybersecurity was we're going to hack you and then that's it. We didn't actually know that there's multiple other avenues of risk governance, all of that sort of thing. As well, we didn't look into it deeply enough.
It's our fault at the end of the day. That's why 70% of infections come from phishing. Because phishing, and do you know also many people still get trapped or get hooked by the Nigerian prince where the people spend their money.
But it's still working in 2024. It's like crazy, right? It does. I did some investigation.
It was so funny. It's very real world because there's no flag to capture and there's no multiple choice questions. There's no fill in a blank or nothing.
It's like you hack into the thing and you write a report on it. That's how it is in the real world. That's why I like TCM a lot because it proves competency better.
In his video, he said, if you're going to start your OSCP, first thing you need to do is apologize to your wife, your friends, your family, and your loved ones, because this will consume you for the next however many days or months until you get this exam. It was so true, right? Going into work, doing work, labbing on the side, going through the manuals, going through the stuff, coming home, spending another two or three, four hours at it, going to sleep, waking up, rinse, wash, repeat. How do you shine above everyone else when you're applying for jobs? The more work you do, the more you're actually in your competition.
You get exactly what you put in and honestly, it's a simple math formula. Inputs equals outputs. One plus one equals two.
The more work you do, the more you get for it. The good news is most people aren't willing to put in the work and most people are always trying to find shortcuts to success. Here's the secret.
There is no shortcut to success. The shortcut is accepting that there are no shortcuts and getting to work as soon as possible. And what I would say from what I've heard is do it with a group of friends.
I think it's a little more exciting and I got that information from Nomset. So definitely go out there and get with a group of folks and I think that'll be better to do it like that than like, okay, let's jump into a program and jump into an app and do it all by yourself, especially if you never did it before. Nobody is going online and bragging about making $2,000, working an hour a day, fresh out the gate, brand new to the industry.
Every aspect of that is a red flag for fraud. It's supposed to be the kind of thing that you report immediately. I didn't realize the scope of what was going on when I saw all this, but based on my experience as someone in that industry and knowing how the system works, everything about it was completely wrong.
That's his plan. He flat out said it. He's like, yeah, we're going to bring in this AI, we're going to train it, and it's going to basically do the work of an intermediate developer, an intermediate engineer.
And that's his goal. Why does he want to do that? Well, AI labor, it's a heavy investment out front. However, long-term it's going to be cheaper because human labor is very expensive.
It always has been. I think it's safe to say like, yeah, these tech giants, these tech billionaires, they want to replace you. There's hiring managers at both conferences.
If you're going to go and I tell people, I had a couple of people comment about being introverted, try talking to people at Target, going to the gym at just random people, Starbucks, et cetera. That's how you build up. That's a skill set to have.
Having that skill set is going to allow you into some places that people can't get in, right? Different circles, different areas. And those circles have other to get you in. Especially if you go on your own as a consultant or a business, that's avenues in, right? Because you're already known, you already have built those relationships and trust factors.
So you have to take advantage of it and you have to build up that skill. I think it is a waste of money. I think it is a waste of time.
It's six months and they range from $7,000 to $30,000 for a bootcamp. I think that is insane. I know a few people myself that went through that and they still haven't found a job and it's really unfortunate.
Now they're in debt. So yeah, that is definitely my thing on bootcamps. I think it is, to put this into fewer words, I think it's a scam.
I asked the client, where are the skeletons in your network, in your environment? If they're honest, they'll tell you because it's just value for them, right? If you spend a week in a client environment bashing your head and then you have three findings, it's great. You provided some value. In the kickoff call, I ask them, what are you concerned about in your environment? What are the things that if a threat actor got onto it or they disrupted it, or something happened to this thing, whether it's a server, a process, an application, whatever, what are you most concerned about? ChatGPT does a lot of that entry level coding stuff for you nowadays.
But if you want to be an expert, if you want to reach the senior status, then you need to learn how to code. You need to be at least an intermediate level coder. If you ever want to be considered an expert in the field or you want to be a senior in the field, but if you're okay with staying at that entry level or intermediate level, then you don't really need to grow your coding skills.
But if you're like me and you want to be a true expert in the field, then coding is essential. Everything runs off code. Everything, every program that you're on, every tool you're running, there's code behind it.
I also think people need to recognize the OSCP really is an entry level pen testing cert, which is confusing because pen testing itself is an entry level. But once you get the OSCP and you think like, wow, that's the hardest thing. Just wait till you do your first internal as a pen tester and you have hundreds of hosts on an internal network and you have to be careful about password spraying.
You don't want to lock out accounts, but you're trying to get to domain admin. It is way more complex than anything you'll encounter on the OSCP or really any other exams. My advice to anyone trying to break into the field is, as they say, your network is your net worth.
Keep networking, attending conferences, keep applying and doing interviews until you are eventually hired. Techniques are changing all the time. The last couple of years, we've seen a lot of companies migrate to cloud and everything.
And there's just so many different parts of cybersecurity, especially just offensive security. There's cloud, active directory, ICSOT, mobile apps, there's a lot to learn and that you could specialize in. My opinion, burnout is all bad because you want to push yourself.
And if you don't push yourself, then you're not going to know what you're capable of. And when you hit burnout, like, okay, you understand what you're capable of. You push yourself to the limit.
That's good. And every time you push yourself to the limit, guess what? You get better, right? That's like going to the gym and you're lifting weights. You go to failure and that's how your muscles get bigger.
It's the same thing when it comes to your training and your brain, like, yeah, you're going to hit burnout. But then once you recover, you're going to come back so much stronger. It's not fun to go through it.
But like I said, every time I fight through a series of burnout, like I come back better than ever. And what makes it interesting to me is that it's unlocking this entire new area, a new niche, a new discipline of pentesting or offensive security, because we're going to need people who specialize in finding the security loopholes in AI and large language models. And those exploits are, in my opinion, are pretty different than like a web app or a network test.
And it's a whole nother discipline that we have barely got our feet wet in as a community. We got blue team, we got red team, we got offensive security, defense security, government compliance, customer service, all these things, you know, how to write a report, communication, all these, there's so many skills and you're not going to be perfect at any of them. And that's okay.
And you're not expected to be perfect at any of them. That's just why I think it's really going to be well-rounded, right? You don't need to be an expert in any one category. And if you are an expert in one category and you're weak in all your others, I mean, I don't even know if you consider yourself a great pen tester, right? If you can find exploits all the way, but you don't know how to communicate that in a friendly way, then you're not a great pen tester, man.
I think a lot of people focus a lot on, you know, chasing the new shiny cert and building up their technical skills and, you know, learning so much, but they overlook the soft skills and the report writing side of things if they want to get into pen testing, because that's super important as well. And I think that you don't necessarily need to be the best pen tester out there, but if you have like this whole different sets of skills and all the other skills to complement whatever pen testing experience and certs you have, it goes a long way than just, you know, chasing all the certs, right? I had to grind really hard to break in a very unhealthy amount. Like I gained weight.
I was like doing five hours a day. Like you said, I did time calculations for the lead up to OSCP. I probably put in 500 hours at least, and that was over three months.
So, and I was working full-time. I was going to college full-time and doing that on top of it. So adding all these things together, like I had one day off a month pretty much was my average.
It was one day where I didn't have to do anything, cybersecurity or my computer. And the worst part of it was, I was like, I should be studying right now on my one day off. Read the manual.
It's right there for you. A lot of these things where there's no information, like how to pen test it. There's plenty of information on like how to do QA testing on it.
You can find really valuable things as a pen tester in those materials. What happens when you send in too much data and overflow the buffer? What happens when you send in too many requests? Those are things that QA probably looked at in their QA testing. Read the manual for it and you'll have a huge leg up.
Even I think the OSEP is easier than OSWA. Just half an hour left into my exam. I just woke up 24 hours straight.
I didn't sleep for even a single minute. That's trying harder at work right there. 24 hours.
You stayed up for 24 hours straight. You had 30 minutes left. That's remarkable.
And I got my last flag. Yeah, that's great, man. And that's what it takes, man.
That's what I tell people. For me, OSCP took me 17 hours. OSWA took me four tries.
Four tries. If you're afraid of coding because you have to set up like so many annoying things and download things and Java versions and whatever, just use like an online editor and just do some basic tutorials. And honestly, I teach coding to middle school girls in this competition called the Technovation Challenge.
It's like an international app building competition. I've been doing it for like nine years. And I'm like, if I can get some middle school girls to learn coding, like everyone can learn to code.
It's not as hard as people think it is. It's like if you can type, if you can do basic math, you can code. And I'm just going to harp on one more time.
It's OK to have that feeling. Like when you see like my live streams or like my technical videos and you just don't know what's going on, that's perfectly normal. That's perfectly OK.
I would say most of us feel that way before we even get started. But like I said, take that thought, throw it in the trash and just take one small step at a time and you will make it as long as you work at it every day. I was definitely not going to get the job, but somehow I got it.
And I was like so curious. And I was like, how? How? Like, why did you guys give me the job? I don't think I didn't think I was going to get the job. I felt like I wasn't good enough or I didn't have enough knowledge.
And the thing they told me is we could see you get better at every interview. We could see you asking questions. And sometimes the technical questions, they would ask similar questions.
And the next time, the first time I was able to answer it, but the next time I was actually able to answer it. When you go through the typical CS curriculum or you start a job as a software engineer, there's very little, if any, knowledge that you gain about how to develop secure code. Even the top, best, smartest engineers at Google, the super cracked 10x engineers that can reverse binary trees in their sleep, they still probably don't know the basics of security.
It's like, you can do all these LeetCode hards, but like, hey, I just owned your app because you don't know how to check the content type of file uploads. That's just not a thought that comes into a lot of developers until they either are forced to learn it or maybe they have to deal with an app sec person like me to teach them. Why don't you have OSCP? When I initially started this journey three years ago, I wanted to go about it in a very unique way.
I wanted to go about it in a way that didn't need college. I did want to make sure that I had certifications and the proper skillsets for whatever job that I wanted to do, but I didn't want the standards, right? Like the OSCP so that individuals could say, hey, well, you had this to make it past the HR firewall. That's just my opinion.
That's just my game plan, my action plan, but I was able to utilize and leverage my network and my actual skillset to bypass all that. So that's my outlook. Did YouTube by chance remove one of your videos just recently? And I love this question because it gives me a chance to tell everybody, yeah, that video got removed.
I got a strike for, I'm doing air quotes right now for the listeners. Harmful and dangerous content. Now my channel is on a forever warning.
If they take down one video of mine, straight to strike, no warning. You're not going to see any technical videos on my channel for the next three months or so. Like I said, I want to try to find a way to upload these technical videos in a different platform.
And yeah, I'll let you guys know what happens.
People on this episode

Kyser Clark
Host
0xD1CE
Guest
Aaron Tran
Guest
Adolfo (Val) Vask
Guest
Albert Corzo
Guest
Betta Lyon Delsordo
Guest
Channa Rajaratne
Guest
Clint Elves
Guest
Constantinos Kaplanis
Guest
David Taxer
Guest
Evan Isaac
Guest
George Raileanu
Guest
Jacob Villarreal
Guest
Jake Mayhew
Guest
James Scott
Guest
John Kounelis
Guest
Jonathon Fuller
Guest
Joshua Ragland
Guest
Justin Mahon
Guest
Keith Coleman
Guest
Kristofer Johnson
Guest
Matthew Younker (Zumi Yumi)
Guest
Michael Kim
Guest
Mike Finkel
Guest
Mike Ortiz
Guest
Nathan Rice
Guest
Noah Pack
Guest
Nouha Ben Brahim
Guest
Opeyemi Kolawole (Hacking Insights)
Guest
Pat Gorman (InfoSec Pat)
Guest
Paul Nieto III
Guest
Pranit Garud (RootSploit)
Guest
Pratham Shah
Guest
Richie Vinson (4NU81X7H3H4CK3r)
Guest
Robert O’Connor
Guest
Ryan Daub
Guest
Simon Exley
Guest
Spencer Alessi (@techspence)
Guest
Trent Darrow
Guest
Trent Miller
Guest
Trent Williams
Guest
Tyler Ramsbey
Guest