The Hacker's Cache

#61 How to Level Up Fast in Your First Cybersecurity Role ft. Ryan Daub

Kyser Clark - Cybersecurity Season 2 Episode 62

In this episode of The Hacker’s Cache, returning guest Ryan Daub shares his journey from IT support to offensive security and reveals practical advice on how to level up fast in your first cybersecurity role. We cover the importance of mastering fundamentals, documenting your work, learning from failures, and asking questions without fear. Ryan also opens up about leading internal pentests, preparing for the OSCP, transitioning toward red teaming, and why patience and persistence are key to long-term success in ethical hacking. Whether you’re starting your first pentesting job or planning your next certification, this episode delivers real-world insights you can apply immediately. 

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://youtube.com/KyserClark
https://www.linkedin.com/in/KyserClark
https://www.twitter.com/KyserClark
https://www.instagram/KyserClark
https://facebook.com/CyberKyser
https://twitch.tv/KyserClark_Cybersecurity
https://www.tiktok.com/@kyserclark
https://discord.gg/ZPQYdBV9YY


Music by Karl Casey @ White Bat Audio

Attention Listeners: This content is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

Opinions are my own and may not represent the positions of my employer.

[Ryan Daub]

If you were mentoring someone who just landed their first offensive security role, what advice would you give them for leveling up quickly and for future-proofing their career?

 

[Kyser Clark]

Be fearless, take on as much work as you can, don't be shy about it, take an ownership on things, and not being afraid to fail. Because I know it can be cumbersome in the beginning, but that's how you learn, that's how you grow. Never be afraid to ask questions, don't feel dumb.

 

You don't know what you don't know. Consult with senior guys, that's how you're going to learn. Because if you don't ask the question, you're not going to know and you're not going to learn it.

 

[Ryan Daub]

Welcome to The Hacker's Cache, the show that decrypts the secrets of cyber security one bite at a time. I'm your host, Kyser Clark, and today I have a returning guest, Ryan Daub, who is an offensive security analyst associate with experience in pen testing and red team engagements in the healthcare sector. Before transitioning into offensive security, he worked in IT support, system analysis, and system administration with a bachelor's of science in information sciences and technology.

 

Ryan also holds certifications including OSWP, Pentest Plus, Security Plus, and Microsoft Certified Azure Fundamentals. He's currently pursuing the OSCP while building skills in red teaming, adversary emulation, and EDR bypass, and he remains active on LinkedIn sharing advice for those entering the field. And if you're wondering what episode he was on previously, it was episode number seven, so feel free to go back and listen to that episode for more of a background on Ryan Daub.

 

However, not necessary to enjoy this episode. So Ryan, thank you so much for coming back on to The Hacker's Cache podcast. What have you been up to since the last time you were on the show?

 

[Kyser Clark]

Hey, Kyser, thanks for having me. I appreciate it. Yeah, I've been in it for a little over two years now in this offsec role, and I've been staying busy.

 

I started out at the beginning doing some basic external testing and slowly transitioning to taking more leadership and now leading some internal engagements, internal pentests, and contributing to red team operations. So yeah, I've gained a lot of experience and come a long way in just a couple years.

 

[Ryan Daub]

Yeah, with that leadership, what does that entail? Is that mentoring junior pentesters? Is that making more decisions or just being more self-sufficient?

 

What does that leadership entail?

 

[Kyser Clark]

Yeah, not necessarily. It's actually more due to the fact of just being on a super small team. We used to have Jake Mayhew on the team, and he had moved on. So there was a time period actually where I was by myself.

 

I was the solo guy until we were able to bring on actually another guest that you had on, Nate Rice. So I had a lot on my shoulders, and I mean all good. It helped me grow and learn a lot.

 

So during that time period, I was able to take on a lot of ownership with some of the stuff going on internally for us.

 

[Ryan Daub]

So it's just you and Nathan on a team now?

 

[Kyser Clark]

Correct. Yep, just two of us. We do all the testing internationally.

 

We do external testing, coordinating third-party testing. We do internal pentesting, internal red team engagements, and we're going to hopefully expand even more and start doing some mobile in the future. And yeah, we're doing it internationally because the hospital chain that we work for, they're international.

 

So we're going to be doing some international testing coming up as well. So yeah, we got our hands full, that's for sure.

 

[Ryan Daub]

Yeah, one thing I'm wondering is, you just mentioned that you do some external pentesting, like you bring in external consultants for compliance reasons. I remember we talked about that on episode seven. And one thing that I'm thinking about is when you bring in these external consultants, when they find things that you don't find, how does that make you feel?

 

Because I feel like for me, it would be an ego thing. I would be like, dude, what am I doing? How did I not find that?

 

That would make me mad. But at the same time, it would make me get better. So how do you look at it when that kind of situation happens?

 

[Kyser Clark]

I would say the latter, actually. We just take it back as a learning experience. That actually did happen in an engagement this year.

 

So we just took it back and improved our tradecraft and tooling to end up improving our external attack surface. So we really just took it as a learning opportunity because we're all here to help each other and get better. So I more view it that way.

 

[Ryan Daub]

Yeah, that's true. You don't know what you don't know. And you definitely learn a lot from other pentesters, which is half the reason why I started this show, because I learned a lot from you guys, from the guests that I bring on.

 

And then I learned a lot from my coworkers. I'm like, they find stuff and they share their findings. And I'm like, huh, I didn't even know that was a thing.

 

So always, always looking to improve. And you're right, that is the mentality you have to take. But I still think part of me would be like, man, why didn't I find that?

 

You know what I mean? But I mean, I think it's okay to have that thought. But as long as you don't let that part eat you up, and then you actually switch it back to like, oh, yeah, this is a learning opportunity, then I think it's probably the healthiest way you can go about it.

 

Absolutely. All right, Ryan, let's go ahead and do Security Mad Libs. For those who are new to the show, Security Mad Libs is a fun little section of the podcast that I do here on the Hacker's Cache podcast.

 

And I'm going to ask Ryan five fill-in-the-blank questions related to cybersecurity. And if he answers all five questions in five seconds, he'll get a bonus sixth Mad Lib not related to cybersecurity. So Ryan, are you ready?

 

[Kyser Clark]

I guess so let's do it.

 

[Ryan Daub]

He didn't pass the last time he was on. Hopefully you can get it this time. I'm rooting for him.

 

Your time will start as soon as I stop asking the first question. Ryan, the wildest phishing email I've seen tried to what?

 

[Kyser Clark]

Get my credentials.

 

[Ryan Daub]

If I, if I were a hacker alias, my name would be just a little bit. The cybersecurity conference I never skip is BSides. My go-to icebreaker at tech meetups is sports. The most underrated cert in cybersecurity is... say that again.

 

Most underrated cert in cybersecurity. OSCP, you got 41. I'm going to give it to you.

 

I might have asked that last question a little too fast and maybe you didn't. So I want to give it to you. So the bonus, you can explain your response as much or as little as you want to.

 

You can dodge a question entirely. So here you go. The best place to hide during a zombie apocalypse is best place to hide during a zombie apocalypse.

 

[Kyser Clark]

Uh, probably my basement. I don't know because I got a lot of my storage down there with pretty much everything I need. Uh, food, utilities and whatnot.

 

Probably just basically my basement. I don't know. Just camp out and hide out in my basement.

 

[Ryan Daub]

Yeah, that's a lot of people don't really think about like just staying home and it's under, it's an underrated location for sure. And that would be my response too if I lived in a woods, which is a long-term goal. Mine is to move in the woods away from society, um, because the robots are going to take over and, um, I didn't want to be safe.

 

So I'll get there eventually whenever, uh, I can afford it. But, uh, yeah, that's, that would be my go-to place to just stay in a home and in the woods. Um, other places I would consider, like if you're like extraordinarily wealthy, then like underground bunkers top tier for sure.

 

And then, um, maybe like camping out in the mountains could be a decent spot or maybe just camp out in the woods, but I mean, having a house, that's a lot of protection for sure. All right. So your most interesting response out of the security Mad Libs, he said the most underrated cert in cybersecurity is OSCP.

 

Now we had a guest in last season, Evan Isaac, I forget what episode number that was, but he said that was the most overrated cert. And you're saying it's the most underrated cert. So why do you think it's the most underrated cert?

 

[Kyser Clark]

Uh, yeah, obviously everybody's going to have different opinions, but for me, it's just all about the grind, I guess, the grind and, uh, the consistency it takes to pass it. Uh, I know it's a foundational and basic level cert, but everyone's at different starting points. And from my perspective, uh, it's really helped me level up a lot because, uh, just staying hands on keyboard with it and, uh, you know, grinding through the course, the labs, and even taking some exam attempts, it's, uh, it's a grind.

 

So, uh, and I've spoken to other fellow senior pen testers and actually they, they shared the same sentiment. And, uh, you know, they told me most OSCP holders that they, they see, uh, and just have a better, better wit about it, better wits with, uh, pen testing, better knowledge overall. So, yeah, I think it's, it's definitely, it's a great stepping stone into, into, uh, pen testing for sure.

 

[Ryan Daub]

Yeah, I agree with you. I, I actually kind of get a little annoyed when I see people hate on OSCP on LinkedIn, um, because here's, here's a fact, and this is going to be a hot take, but this is the facts of the matter. You'd never see anybody complain about OSCP who has OSCP.

 

It's always people who don't have it that are either too lazy to get it or incapable of getting it. Now I do, I can see the people who, who might have the skills to get it and who have the work ethic to get it, but just don't have the wallet to get it. I can understand that, but yeah, I, yeah, you don't really see people who have OSCP complain about OSCP.

 

I mean, sure there's some out there, but most people who get it, I'm one of them. I'm like, I'm really glad I did that. That was totally worth it.

 

[Kyser Clark]

Just the mindset overall. Uh, I noticed it, it just, uh, it changes your mindset and, uh, just the grind of it. Yeah.

 

And just the exam itself being 24 hours and being proctored on top of it. I know a lot of people like the arguments out there about the price and all that, but that actually factors into it that the OSCP is a proctored exam. And, um, yeah, I don't know.

 

I think it's taken me to new heights and just going through the course and the labs and grinding through it. So, uh, I definitely think it's underrated.

 

[Ryan Daub]

Yeah. And I just recently found out about people like paying other people to like, take the Hack the Box CPTS. Um, those Hack the Box, those Hack the Box certifications aren't proctored and you can totally get away with that.

 

And I mean, I recently did the TryHackMe SAL1 and all they asked me for was a picture of my ID. Like I could easily just send someone a picture of my ID until like, yep, go ahead and take the exam for me. You know?

 

Um, so I'm a big fan of proctoring. I know some people like, oh, I don't like them being watching me, but I mean, at the end of the day, it's the only way you can like really prove that the person actually did it. And there's no denying.

 

It's an indisputable proof that you did the thing, right? Cause someone watched you for the full 24 hours. Like, so, um, like I said, there's other certs that it happens.

 

I'm not saying that everyone's out there doing it and I'm not telling you to do it. Definitely do not do that. Do not do that.

 

They will revoke your cert if you get caught for one. And then for two, like you're just going to be awful at interviews and you're going to get exposed. And once that happens, once you get exposed, your reputation's down the drain for probably the rest of your career, to be honest with you.

 

So just don't, don't do that. I would rather fail CPTS 20 times before I cheated, but get it.

 

[Kyser Clark]

I've heard it from other senior, senior guys as well about the cheating and taking exams and some of the other, uh, platforms. So yeah. And just for me having a family and everything like a 24 hour period is very tough to begin with.

 

So, I mean, you got to know your stuff, you got to be efficient to be able to complete, you know, an AD set and three standalones in 24 hours. So it's definitely challenging. That's for sure.

 

[Ryan Daub]

A hundred percent. It's, it's very challenging. And I passed OSCP on my first try, but I failed OSWA, which I like to consider the cousin of the OSCP.

 

I failed it three times, not 80 certs, not at all. And so I'm going to rewind and go back on like the price. And if anybody out there is like, man, it's expensive.

 

Let me, let me tell you this. Um, the OSCP is worth every penny because it exposes you to so many recruiters. So many recruiters are specifically looking for OSCP.

 

It's the most in-demand certification for pen testing right now. If you want to be a pen tester and you're going to get a lot more recruiters hitting you up in, in HR, it's more recognizable. Like those other certs like PNPT and CPTS, while they do have very good content, I'm, I'm taking the PNPT tomorrow and it has great content, but it's still not as many job postings.

 

I think it's going to change over time, but when it comes to the price of the OSCP, you got to look at it as an investment, it's not cost. And if it helps you land a six figure job, then I mean, there's no return that's better than that, in my opinion.

 

[Kyser Clark]

Yeah. And I know there's a lot of talk about it out there, but, uh, like I know some people that have it, they just, that are complainers about it. They don't really have any IT, some of them, at least that I see, they don't have IT experience to back it up with.

 

I mean, I know a lot of employers like want you to have general IT experience to couple with that. So I see a lot of, a lot of guys running into trouble with that as well. They're like, Hey, well, I got my OSCP and I can't find a job.

 

Well, um, I don't know. And we can get into that later. I was actually going to, um, add that as a point for the final question on some advice and, you know, what I've learned in cybersecurity.

 

So.

 

[Ryan Daub]

Dang dude, spoiler alert. Now the guests know that you get the final question in advance. So long-term listeners, the guests always get the final question in advance.

 

They don't get the other questions in advance though. Oops. No, it's all good.

 

I mean, I asked the same question to everybody. So, I mean, if you watch any episodes, you like the guests who's never like the viewers and the listeners who listen to this regularly, like they know the final question because I asked everybody the same one.

 

[Kyser Clark]

Well, I'm not bad.

 

[Ryan Daub]

No, you're good. You do get a different one because you're a returning guest though. We'll get there.

 

All right. Foreshadowing a little bit. So yeah.

 

One of the coolest things that you said during episode number seven. And as a reason why I put it at the beginning of the episode, because I thought it was the best highlight of that episode was you, you documented your lab work and it was essential to your transition. So how do you continue documenting and tracking your growth now that you're in the role?

 

[Kyser Clark]

Yeah, that's a good question. A lot of the big projects I do, I'll document that actually to like transition over to my resume at some point. So I usually document any big projects I do, anything that I complete as far as work goes.

 

And then just in my personal life, like with OSCP and all that, that I'm working on, just going through the walkthroughs and proving grounds and like documenting everything step-by-step. And I even have like a running checklist and everything. So yeah, it's definitely been key for me just keeping everything organized, documented.

 

And yeah, I feel like I'm pretty good with that and it's done me well. So I highly recommend that as a skill as well.

 

[Ryan Daub]

Yeah. And that reminds me that I'm going to go to Wild West Hacking Fest and I signed up for the report writing bootcamp and I've written probably a hundred reports at this point, but there's always room for improvement. And a report is such a critical skill that really differentiates you as a, as a pen tester.

 

And even me, who is now approaching seasoned pen tester, I don't want to call myself that because I've only been enrolled for a year and a half now, but I'm getting there. Even me, like I want to learn how to write better and I want to get some other takes from other, you know, seasoned pen testers. So yeah, documentation is a crucial skill.

 

So looking at your career so far, what is one area you've invested time into that paid off more than you expected?

 

[Kyser Clark]

Honestly, just the basics of pen testing. I try to make it a point to be hands-on keyboard. And as I said, I'm still going through the OSCP course and like the Proving Grounds labs I've transitioned to.

 

So I just try to make it a point to just stick with the basics. And I saw one of your posts on LinkedIn before about, you know, not feeling bad, struggling through even easy boxes or like looking at hints or looking at guides because there's just always stuff that you just don't know. So it's just constantly going through that type, those types of scenarios.

 

And just doing that, I've picked up so many new techniques and tricks along the way and, you know, just continue to make sure I document them and have them in my arsenal for, for future engagements. So that's kind of how I approach it. Just, yeah, staying hands-on keyboard and working at the basics.

 

I kind of compared to, I was a big wrestler back in the day in high school. So it's kind of the same mindset. You know, you got to go into practice and you do your basic takedowns and you work on that every day, no matter what, and you build up your skills from there.

 

So it's the same thing, just doing hands-on keyboard, doing all the, all the network testing at a basic level and lateral movement skills, all that stuff. So yeah, just staying consistent.

 

[Ryan Daub]

That's a good analogy with the wrestling. And I said something similar. I used to play basketball and you know, I made the analogy that the fundamentals is like doing your layups, like even the pro players in the NBA, they practice their layups.

 

They practice their free throws every single day. There's no such thing as overdoing the fundamentals. So, I mean, at a point you do want to move on, but you still also want to go back and revisit them.

 

And a lot of times when you start doing the advanced stuff, you're automatically going to revisit them. So it's, it's critical that, you know, those fundamentals like by your hand. So you're doing your OSCP now.

 

And I know before the recording, you told me that you like to think ahead, but it's, you know, you're trying, after the OSCP, you got some things lined up. So what, what do you plan on doing to level up your career after the OSCP? Once you get that knocked out?

 

[Kyser Clark]

Definitely continue with the red teaming side of things. Definitely probably the CRTO course. That's probably going to be the next one lined up.

 

Because I think we discussed a little bit before that's not just the natural progression in our field, you know, going from pen testing to red teaming. So probably just checking out a couple of those courses. And I was fortunate enough.

 

I got to go to SpecterOps' Adversary Tactics course. So that was a great experience. I went out to Virginia for like four days and took that course.

 

It really opened up my eyes. And, you know, even though I'm trying to get to that point and going in there, like I didn't have a lot of red teaming knowledge. It's just like anything else, you got to start somewhere.

 

And even if you feel uncomfortable with it, you just got to take the risk, take chances and not feel stupid. Just ask the questions. And, you know, then I just come back with just little things here and there.

 

And then you just build from there, like just little techniques or like, oh, I didn't know that. Or maybe I should look at this or maybe I should think about it this way, you know, even just mindset or approach. So it's just continuing at it and hopefully getting to the red team side of things.

 

[Ryan Daub]

Yeah, you're right. That is a natural progression if you want to keep leveling up those your hacking skills. That's one thing I'm shooting for is go to red teaming as well.

 

And yeah, CRTO is definitely on my radar as well, because a lot of people have it and they say it previous guest, Robert O'Connor, last episode, he was talking about how CRTO really helped him build those red teaming skills. So definitely worth looking into if you're already a pentester and you're trying to get those red teaming skills, because one of my videos that I made about pentesting is that like pentesting can get pretty boring and you're not honestly, I don't feel like a hacker half the time. I really don't.

 

And I think red teaming would solve that problem for me. I'm like, I can like actually emulate threat actors. And I think that's definitely like I'm like, want to get into because I want to feel more like a hacker.

 

Yeah, definitely.

 

[Kyser Clark]

I don't know. I wouldn't say I have that, that feel, that feeling or sentiment. I do feel hack, hacky-ish.

 

In my environment, we have a pretty strong hardened environment. So, you know, getting any type of code execution or any of that in our environment stuff, so, but no, yeah, absolutely. It's, it's red teaming is the next step.

 

And yeah, we'll see. I'm just taking it day by day and, you know, just building my foundational skills. And like I said, staying hands on keyboard as much as I can and building those skills.

 

And hopefully I can get to that point.

 

[Ryan Daub]

Yeah. So as an internal pentester, how do you go about your day to day job? Because like, as an external consultant, I'm coming in and like everything's a new environment for me.

 

And I only have a week to do it. And it's kind of like the same routine, you know, if it's a week test or sometimes two weeks, sometimes it's a three week, but most times one or two weeks. And, you know, I start out with, I have my methodology, but for you, you're always in the same environment.

 

So like, how do you determine like, yo, this is what I want to test this day. This is what I want to test this day. And like, how far do you plan out or like how do you, how do you determine like what you're testing?

 

[Kyser Clark]

Yeah. Well, first off we have to do some compliance testing, like PCI specifically. So those are definitely on the books.

 

And anytime we acquire any other hospitals, we typically bring them into the fold. So those are always prioritized, like the compliance based ones. And obviously the third party one that we have to do for compliance purposes.

 

But coming up here, I like Nate Rice. We onboarded him recently and I like his idea where we're going to start rotating, you know, quarterly tests in some fashion, whether that's pen tests, red team engagements, whatever, external engagements, and, you know, just picking a different scope or picking a different environment. Like we have international locations.

 

So, you know, we can always mix it up. That's never, I've never noticed that actually as an internal guy, it does not get stale for me. Because not only rotating the tests, we also have major changes going on in the environment, constantly new infrastructure being spilled up, spun up, new systems, new websites, everything.

 

So I mean, we always have hard work cut out for us. It doesn't get stale. And yeah, like I said, moving forward, we're going to be rotating testing coming up.

 

So that'll be good.

 

[Ryan Daub]

Nice. That's good that it doesn't get stale. Because I don't know, for some reason, I always think like being an internal pen tester would get stale, stale faster than external consultant.

 

Because if I get tired of an environment, like all I got to do is wait a week or two, I'm in a new environment. But yeah, that's good to know that even as an internal pen tester, if people, if that's the way they break in, or if that's what they prefer, maybe some people actually don't want to be a consultant. Because being consultants, a lot of customers, you got to have a huge customer service skills.

 

And some people, they don't want to talk to clients all day. So for those people that are out there, listening or watching, I want to be an internal pen tester. I think that's good news.

 

You still got your work cut out for you. You still got new additions to the network.

 

[Kyser Clark]

Yeah, the networks are so large, it's hard. I mean, it's hard to cover a whole network. So that's what we're going to do is start splitting it up and targeting specific subnets, or like I said, targeting a specific hospital that we acquired, or an international location, and just keeping it interesting like that.

 

So I don't get stale at all, that's for sure. And then just as an internal guy, the other side of it is just more like admin type work too, that we have to do and maintaining our infrastructure, and things of that nature, keeping up our tooling and whatnot. So we're always busy.

 

[Ryan Daub]

Yeah, that's interesting. And you mentioned acquiring other hospitals. And I mean, in a way, that's kind of like an external test, because it's a whole new environment that you've never seen before.

 

So yeah, that's really cool that you get those opportunities. Yep, exactly. If you were mentoring someone who just landed their first offensive security role, what advice would you give them for leveling up quickly and for future-proofing their career?

 

[Kyser Clark]

Be fearless. Take on as much work as you can. Don't be shy about it.

 

Don't be afraid of failure. Like I said, early on, I was starting out with smaller tasks, like external testing, external attack surface mapping, and then to transition to slowly, like, once I felt comfortable, hey, I'm actually going to lead this PCI test now, or hey, I'm going to lead this internal pen test now. And, you know, just taking ownership on things and not being afraid to fail.

 

Because I know it can be cumbersome in the beginning. But that's how you learn. That's how you grow.

 

So that would be my first recommendation. And second is always just to just ask a lot of questions. Just never be afraid to ask questions.

 

Don't feel dumb, because you don't know what you don't know. So I always consult with senior guys. I'm always good about that.

 

And just seeking advice, whether it's like mindset or technical questions, just always, always seek advice. And don't be afraid to ask questions. That's how you're going to learn.

 

Because if you don't ask the question, you're not going to know and you're not going to learn it. So those are my two key pieces of advice.

 

[Ryan Daub]

That's great wisdom there. And yeah, I totally agree with you, especially the part where you said, just take on as much work as you can. Because if you get more exposure to different areas, then you're going to learn a lot more.

 

And then you're also going to, you're going to figure out what you like the most. And then when you find something you like, like, just like apply the hacker mindset to exploit that. And you know, you're not going to get bored if you keep doing the things that you enjoy doing.

 

Exactly. Yep. And volunteering helps a lot too.

 

I mean, when that's been helpful for me in my role, like, like, hey, we need someone to do a night pen test, or hey, we need someone to do two pen tests in the same week. And you need to put in an extra 20 hours, or hey, we need someone to do an IoT pen test. Those are three things that I volunteered for that really, really helped me out in my career and helped me level up.

 

[Kyser Clark]

Yeah, because then you just, you build off those experiences. Like I remember the first like PCI pen test I led. You know, I did good things, had good finds, but I was getting gobbled up by EDR. Like all the other defenses and stuff. And, you know, you just, you go back to the drawing table then and you just learn from those experiences. And, you know, now I'm improving upon that. And I'm able to get by some of those defenses.

 

And it's a slow process. And I guess I would add patience, just have patience in your career. It's it's tough.

 

There's so much to learn. And it's it's a long process. So you just got to continue building off the basics and, you know, take on as much work you can and learn from that.

 

[Ryan Daub]

Yeah, the patience is a huge, huge key there, because I, I like the idea of aggressive patience, which basically means like, put in the work, learn what you can today. But you're not going to see the results of that work until down in the future, right? Like you're going through OSCP now, you're putting in hundreds of hours into the labs.

 

And the payoff isn't for another multiple months down the road, hundreds of hours down the road. So that's where the patience comes in, because it will come eventually. But you have to put in the work every day.

 

And it is a career after all. And, you know, careers are not short term endeavors. So things take time.

 

And that's OK. You're going to you're going to accomplish your goals, but sometimes they take longer than you'd like to. But that's not always a bad thing.

 

[Kyser Clark]

Exactly. And I always I was a sports guy, so I just I always relate back to sports and I think I'm just lucky in that aspect. And sports kind of helped me, like, you know, understand the process even in offensive security here, you know, starting out as a young kid playing sports, you have all these goals and like in wrestling, like I had a lot of goals and I actually didn't reach a lot of them until like high school.

 

So that's a long, a long way. It's, you got, it's a long journey. So you just got to take that mindset and have the same mindset in offsec.

 

So, yeah, I'm just I just take it day by day and enjoying it and just soaking up as much as I can, just building off of each experience.

 

[Ryan Daub]

Yeah, I like your sports analogy. So like I said earlier, I play basketball. I also played football for 10 seasons when I was in school.

 

And it was so I feel like I just have unfair life advantage because like it just sports just help you as a person. So, yeah, I totally agree with you there. Yeah, absolutely.

 

All right, Ryan. So let's move on to our final question. I know you're excited for this one.

 

So here it is. What's one key lesson you've learned recently or if you prefer, what's a bold prediction you have for the future of the field?

 

[Kyser Clark]

One thing I've learned is more, I would say, reinforcement and just learning the basics of I.T. More so like, you know, system administration, I would say those are very strong and networking. Those are very strong skills to have. And I would continue to reinforce that and just, you know, suggest to people to really tidy that up and be good in those areas because it's never going away.

 

It transitions directly into this role. Like I said, as an internal guy, it's not always about the pen testing side of things. We have a lot of infrastructure and things of that nature to maintain.

 

So there's a lot of system administration that comes into play there and networking and project work too, you know, running some of those projects. And I just, I would suggest staying on top of that, the basics, and make sure you understand that it'll help you far in cybersecurity, whether you're spinning up new tools or helping integrate tools for your organization, optimizing tools and systems. It's all, it comes into play and you'll be faced with that eventually.

 

[Ryan Daub]

Great advice. I have nothing to add there because the final wisdom is the final wisdom. So Ryan, thank you so much for being on the show, providing your expertise, your insights, your opinions.

 

I'm sure you've helped out a lot of people today. So where can the audience get a hold of you if they want to connect with you?

 

[Kyser Clark]

LinkedIn's fine. My messages are always open. So just shoot me a message.

 

I'm always happy to help or meet new people. So just reach out to me on LinkedIn. Yeah, I think that would, that would be the best place.

 

[Ryan Daub]

I also ran into him at, uh, B-Sides Pittsburgh. So you're going to be at B-Sides Pittsburgh next year?

 

[Kyser Clark]

I hope so. Yeah. I try to make that my yearly trip out there.

 

So, uh, yeah, it was, it was a good one. I was, it was good meeting you and I hope to see you again.

 

[Ryan Daub]

Yeah. I think I'm going to make it that one because I used to live like an hour and a half away. Now I'm like three hours away.

 

I just moved. So it's a little bit of a drive, but it's a little bit of a drive for you too. Did you say it was like a four-hour drive or something for you?

 

[Kyser Clark]

Yep. Yep. It was a four-hour drive.

 

Yeah. I was definitely surprised to see you. So that was definitely interesting.

 

[Ryan Daub]

Yeah. I'm not good at telling people where I'm at. I just have a weird thing.

 

Like, like I just showed up and I messaged you. I was like, are you at B-Sides Pittsburgh?

 

[Kyser Clark]

No, that's all cool. But yeah, that's probably a good thing too. Not advertising it, but yeah, no, I, I, I enjoy that event.

 

I think it's really well run and, uh, yeah, I get to meet up with a lot of my teammates out there and former colleagues. So it's always a good time. It was definitely good seeing you out there.

 

[Ryan Daub]

Yeah, man. Feeling's mutual. All right, audience.

 

Thank you so much for watching. Thanks for listening. If you enjoyed today's show, if you're on audio, rate the show five stars and share it with your friend.

 

And if you're on YouTube, like the video and hit the subscribe button and also share with a friend who is trying to break into cybersecurity or level up their career. Cybersecurity can be a very lonely journey, so share it and make friends. And, uh, hopefully I see you in the next episode, audience.

 

Until then, this is Kyser and Ryan signing off. Thank you.
