Alyse Zavala: Rockstar Hacker

[00:00:01] Welcome to the Phillip Wylie Show. Take a look behind the curtain of professional hacking and hear compelling discussions with guests from diverse backgrounds who share a common curiosity and passion for challenges and their job. And now here's your host, offensive security professional, educator, mentor and author, Phillip Wylie.

[00:00:33] Hello, welcome to another episode of the Phillip Wylie Show. Today I'm joined by Alyse Zavala. Interesting story we met during Hacker Summer Camp at Black Hat. And interesting thing was like a lot of encounters I have with some of my connections is you end up meeting people that you're connected to on social media, but never met them before. Don't really know them that well, just don't even wouldn't even recognize them. So we kind of met and is really kind of cool.

[00:01:02] I think it's cool hearing your story that not only were you, you know, working in offensive security that you're also, you know, in a rock band, which is really kind of cool to hear some of these really interesting hobbies that people have. And I really, in my opinion, think that's very important to have these interests outside of cybersecurity, even though people can still put a lot of effort into cybersecurity.

[00:01:24] I think it's important to be able to disconnect for that for a bit, do something else. I think it's going to help with your longevity and burnout because one of the things I've kind of been trying to think of myself is trying to find hobbies myself because I do lift and I'm in power lift. I hadn't competed in a long time.

[00:01:40] But the more interest you have, the way you can just kind of get away from things, because sometimes when you're off and a lot of I go to a lot of conferences and stuff, that's kind of what I do for fun.

[00:01:50] And then on the weekends, you find yourself bored not knowing what to do. So so I think it's really great that you've got that interest in that other that other kind of parallel career that you're running there. So welcome to the show.

[00:02:01] Thank you. Thank you so much. I'm excited to be here.

[00:02:05] Yeah, it's good to have you on. It was really cool getting to meet you. And fortunately, I was, you know, we were walking across to to.

[00:02:15] The conference during Black Hat and overheard you speaking with someone else about, you know, working in offensive security. And so that kind of started the conversation. But yeah.

[00:02:25] Surprisingly, I asked you, like, what's your handle? I'll follow you. And I was already following you. And then you asked me what my handle was. And you were already following me.

[00:02:33] So it's it's it's so funny how that that happens. And one of the things, too, that I do on on Twitter, too, is follow Fridays.

[00:02:41] You ever participated in the hashtag FF for follow Fridays?

[00:02:44] Oh, I see you posting that a lot. Yeah.

[00:02:47] Yes. One interesting fact. One interesting facts about that, too, that I just recently found out about is one of my friends that works at Bug Crowd.

[00:02:55] We were connected on Twitter or friends on Twitter before sure went to work for Bug Crowd.

[00:03:00] But interesting story was I included her on my follow Fridays and she ended up meeting her husband through my follow Fridays.

[00:03:09] How? How?

[00:03:12] He saw her name in the follow Friday. So at the time, whenever they probably first met, I probably didn't know him yet.

[00:03:19] But the funny coincidence about it is that he was a former co-worker of my wife's.

[00:03:27] So they both kind of connected, trying to think of the timeline.

[00:03:30] I don't know if we if he and I knew each other by then or what, but it was interesting.

[00:03:34] That's kind of how they met through the follow Friday.

[00:03:36] And she actually shared that with me a while back.

[00:03:38] It's really cute. They got married.

[00:03:40] He just started checking out all the profiles that you were, you know, putting in there.

[00:03:43] Like, oh, she's pretty cute.

[00:03:45] Yeah, I guess.

[00:03:46] Oh, OK.

[00:03:46] Slipped in the DMs, as they say.

[00:03:50] A kiss.

[00:03:50] Love it. Love it.

[00:03:52] But really cute. I got to meet.

[00:03:55] I got to meet him like a couple of years ago because I was in Chicago and my wife said, hey, if you want to have dinner with someone,

[00:04:02] you should meet up with, you know, this guy, my former co-worker.

[00:04:05] I'm not real revealing people's names.

[00:04:07] So we kind of met up, met for the first time.

[00:04:09] This is back in 2022.

[00:04:10] So we'd met.

[00:04:11] So I didn't get to meet her until like left Defcon and Blackout last year.

[00:04:15] So we had dinner together.

[00:04:16] So I got to meet, meet her as well.

[00:04:18] And so they got married, I believe, last year or earlier this year.

[00:04:23] And they're expecting their first child, too.

[00:04:25] So it's really kind of cool.

[00:04:26] I love that, especially when it's like people on cybersecurity getting together.

[00:04:31] I think that that's really cute.

[00:04:32] You know, there's a lot of couples in cybersecurity.

[00:04:36] It's kind of good to be able to.

[00:04:37] It's kind of cool when you find someone with a similar interest like that.

[00:04:40] What else is kind of.

[00:04:41] Yeah, but it was just kind of an interesting, interesting experience with with that.

[00:04:45] And just like I said, one of my favorite things is getting to meet people in person that you're connected online.

[00:04:51] And the funny thing about the online community is I don't know if you feel this way or not,

[00:04:54] but especially people you've interacted with and you kind of get to meet them for the first time.

[00:04:59] It seems like you've known them for a long time, even though it might have been just virtual until you met a person.

[00:05:04] Yeah.

[00:05:05] Yeah.

[00:05:05] I think the only problem is, is that like if they wrote their regular name on their tag, like I won't know who they are at all.

[00:05:13] But like luckily, some people actually put their handle on their tag.

[00:05:18] Like I did like the second line of Bell Bites, you know, and so people came up to me and said, oh, I know Bell Bites, you know, on online.

[00:05:26] And so like if they put their their Twitter handle or X handle or whatever, like then I'll reckon.

[00:05:33] There was I.

[00:05:36] Yeah, it's kind of interesting.

[00:05:37] A few years back, actually before the pandemic, there were some people who had really good ideas.

[00:05:41] They would go get these little badges made with their Twitter handle on it.

[00:05:46] So that way when they'd be out, people would be able to be able to find them, which is cool.

[00:05:52] So before we get too far into the conversation, if you wouldn't mind sharing your, your hacker origin story,

[00:05:57] kind of how you started out up until the point where you're at today in your career.

[00:06:03] Oh, OK.

[00:06:06] Well, I think like so one of my very early I started out in IT.

[00:06:12] I was on the geek squad for like seven years.

[00:06:15] I did advanced repair agent.

[00:06:17] I was in the back, so I didn't have to work with customers.

[00:06:20] And I think I started specializing, I guess, in like a lot of the malware that people couldn't remove.

[00:06:28] So they kind of made me like get into whenever other ARAs couldn't remove malware all the way.

[00:06:36] And like if customers came back and let's say they wiped the computer and it's completely new OS or whatever.

[00:06:41] And they were just like, it's still slow.

[00:06:42] I think it's still infected.

[00:06:44] Like I got really into like brew kits and boot kit like research and stuff like that.

[00:06:49] And I don't know, I just got really passionate about like advanced malware extraction.

[00:06:55] And then I switched over to cyber defense.

[00:06:59] I got into defense over at Duke University.

[00:07:02] And at Duke, I was in charge of the intrusion prevention system.

[00:07:06] And with that, we had to write snort rules, you know, to detect malicious traffic that's not already in the Cisco firepower or whatever.

[00:07:18] And so I had to read a lot of blogs of like newer techniques.

[00:07:24] Like I got really into like cyber defense evasion.

[00:07:27] So that way I could try the techniques in these blogs and then be like, oh, well, yeah, the IPS did not catch it.

[00:07:34] And then I had to write the snort rules and everything like that in order to catch it.

[00:07:37] And I think getting into that, I was just having more fun with the hacker blogs, like the actual hacking techniques than I was in the defense like aftermath.

[00:07:51] So Duke University is very huge in like pushing like academia, like just academic research and stuff like that.

[00:08:01] And so they really want people to just learn.

[00:08:03] Like we did a lot of like lockpicking villages and cross trainings and stuff like that with the students, with teachers and stuff like that and in other departments.

[00:08:12] And so I think they just they bought SANS vouchers by the bulk.

[00:08:17] And so, you know, SANS, they're very expensive.

[00:08:21] And so Duke University would just buy bulk like massive amounts.

[00:08:25] And so they had to be used within the calendar year.

[00:08:29] And so I was like super excited to get into offense.

[00:08:34] So I was just like, let me take them.

[00:08:36] I'm going to take them all.

[00:08:37] Oh, you're not going to use them?

[00:08:39] Sure.

[00:08:40] And so I think I was taking like three SANS search like per year.

[00:08:44] It was just like insane.

[00:08:47] And yeah, I just I really was passionate about like the hacking side.

[00:08:52] And so even though so Duke University has like a information security office for like the medical side and then they have the IT security office for the academic side.

[00:09:02] And so I worked on the academic side and there was no pen testing.

[00:09:06] There's no penetration test serves at that.

[00:09:08] And so since I was getting like my G-PAN and my G-XPN for like, you know, excellent research and stuff, I and I got really, really big into CTS competitions and stuff like that as well back then.

[00:09:23] So I think it was just naturally like I was just getting antsy and wanting to do hunting like for Duke.

[00:09:31] And so I had conversations with like the now CISO, Nick Tripp.

[00:09:37] He's but the older CISO was Richard Beaver.

[00:09:40] So I Nick and I sat with Richard Beaver and we convinced him to let us like start pen testing for Duke.

[00:09:46] And so now Richard is sorry.

[00:09:49] Now Richard retired and Nick is actually now the CISO of Duke, which is amazing because he and I started the pen testing program at Duke University, essentially.

[00:09:59] But yeah, it was it was great.

[00:10:01] I got to like have like the chiller plant and I got exposed to I mean, I got I started hacking like a lot of the web applications and stuff like that for the various areas of the school.

[00:10:11] And then I got into physical security assessments where we had to like break into like various warehouses where Duke was housing there, like their student records and things like that.

[00:10:23] And so I thought that that was really fun.

[00:10:25] I got to start doing like lock picking and trying to break into buildings, you know, and so before I knew it.

[00:10:33] Yeah, I was getting I think with all once I mean, I just had a lot of hacking sorts by then and I was hacking a lot of stuff for Duke that I started getting job offers, I guess, in certain places.

[00:10:49] And Options Clearing Corporation, I basically stumbled across an opportunity where they wanted me to hack for them, which was great.

[00:11:00] So I got to Options Clearing Corporation does like stocks and options and futures.

[00:11:06] There's actually only seven companies in the entire world called a SIFMO.

[00:11:11] It's a significantly important financial market utility where like if the network goes down for like over 30 minutes, like it could dramatically impact the markets.

[00:11:20] And like if the network goes down for like two hours or something, it could like the United States financial stability could tank and world markets could tank.

[00:11:27] It's just really, you know, no pressure.

[00:11:30] Right.

[00:11:31] Haven't happened.

[00:11:32] You know.

[00:11:33] But yeah, so I had the amazing opportunity to help.

[00:11:36] Yeah, I was hired as a senior penetration tester on the red team.

[00:11:39] And then I started growing out the team and I became a lead penetration tester and then I became a technical manager.

[00:11:49] When my manager, he had some issue with family.

[00:11:53] He had to leave very suddenly and they needed someone to run the team and I was already running the team.

[00:11:59] And so they just kind of asked if I wanted to go management.

[00:12:02] But I was so passionate about being technical that I didn't want to go management.

[00:12:08] You know, so they convinced me that I can maybe wear both hats, you know, and I could still hack in the trenches with my team and they would provide me the R&D time, the research and development time to still be able to do exploit research and stuff and kind of shield me from some of the other management type meetings.

[00:12:28] So because our red team is a completely separate chain of command as the defense team anyway.

[00:12:35] So it's kind of easier to just keep me separated.

[00:12:38] And so that way I can still hack with my team, but I can also do time cards and build them up.

[00:12:44] And after that, yeah, I just kept building the team.

[00:12:47] We got bigger and bigger.

[00:12:48] And now I'm executive director of the security red team at OCC.

[00:12:53] Very cool.

[00:12:55] Yeah, I really like your career path.

[00:12:56] That's really interesting.

[00:12:57] And that's really a good example for anyone listening that even if you're middle of your career, beginning or trying to break in, that you took advantage of opportunities you had because, you know, you can look at it whatever way you want.

[00:13:11] And it's not a matter of anyone can say you got lucky.

[00:13:14] You were at this, you know, at Duke, you had access to all this training you could take.

[00:13:18] You took it upon yourself to take the training, to learn the skills.

[00:13:23] And then you asked if you could do pen testing within that university.

[00:13:28] So you opened up opportunity.

[00:13:30] They may have not been there.

[00:13:31] So these are good lessons for anyone that's listening is, you know, it doesn't hurt to ask.

[00:13:35] I mean, you can at least ask.

[00:13:36] And just when people show the desire and want to do those things, the passion, people, you know, really like that.

[00:13:43] So.

[00:13:44] Yeah.

[00:13:45] Yeah.

[00:13:45] I think they saw my enthusiasm to learn.

[00:13:48] And like, I was doing really well on resorts and everything like that.

[00:13:51] And I was doing well in CTS competitions and stuff like that.

[00:13:56] I don't know.

[00:13:57] I don't know.

[00:13:58] I just got, I just convinced them.

[00:14:00] I said, I can work on hacking before work and after work.

[00:14:03] It can be like an extracurricular thing.

[00:14:05] You don't have to pay me extra.

[00:14:07] Just like let me hack.

[00:14:08] And they were like, no, we'll let you pivot.

[00:14:10] So it was really nice.

[00:14:12] That's very cool.

[00:14:13] Well, so, you know, based on, you know, obviously what you did worked.

[00:14:17] But if you were going to give advice to someone that just wanted, that was just starting out wanting to become a pen tester, what would you recommend education wise?

[00:14:27] Hmm.

[00:14:29] Okay.

[00:14:30] People may disagree with me on this one.

[00:14:33] But I think personally, my degree was in biology with a focus in genius.

[00:14:41] Okay.

[00:14:42] So I don't even use my degree.

[00:14:44] I think it's nice to have a piece of paper for some companies, you know, who would require a piece of paper.

[00:14:50] But a lot of people in our field, like have philosophy degrees and like, you know, art degree, degrees that aren't even in hacking, you know?

[00:14:58] So I think personally, when I'm, when I'm hiring people, even I'm less concerned about whether they have a bachelor's degree.

[00:15:07] I'm actually more concerned about their hands on hacking capabilities.

[00:15:11] Um, so there's like, um, certain certifications that I find, in my opinion, to be more so definition and theory based.

[00:15:23] And I don't put a lot of weight.

[00:15:24] Like, um, if I see the CEH on someone's resume, I'm probably going to ask you still a lot of scenario based questions.

[00:15:32] So that way it's not like, I'm not asking you definition questions.

[00:15:36] I want to know what you would do with your hands on, on a box.

[00:15:39] And you need to do some privilege escalation.

[00:15:42] If you need a lateral, what are you going to do next?

[00:15:44] You know?

[00:15:45] And I think scenario based questions helps me understand your mindset and like, choose your own adventure kind of thing.

[00:15:51] And we can like, kind of go down the rabbit hole together.

[00:15:53] Um, I think that, um, the CEH might prepare people for theory, um, or definitions.

[00:16:00] But I, I've, I've noticed that people that I've interviewed with those certifications don't really have a lot of hands on hacking experience.

[00:16:07] Um, whereas people who have like the OSCP, OSCE, any of the OSWE, a lot of the offensive security certifications, you know, those exams are like hands on.

[00:16:19] You had to actually hack during the exam to get the cert.

[00:16:23] And I think that that's really cool.

[00:16:25] Uh, it's important.

[00:16:26] And I think that those people tend to do much better for, um, not only hands on, uh, experience already ready to, ready to rock and roll.

[00:16:34] Um, but they have a lot of the attitude that I need for, you know, try harder.

[00:16:39] The exploits aren't going to already work just straight from exploitdb.com or, you know, it's not automatically going to work.

[00:16:46] You're going to have different security controls and different, um, you know, some people might custom build some obscure parsing mechanism on the back end and doing some weird stuff.

[00:16:57] And so like, it's never going to, you're going to hit those blockers.

[00:17:01] And I need people who are going to try to get around these blockers and think weird.

[00:17:07] I like people who think weird.

[00:17:08] Um, yeah.

[00:17:10] Uh, so anyway, I, I think if you're starting in, in my opinion, I think it would be beneficial for you to start off with like, like, um, hack the box.

[00:17:21] Um, I haven't tried, try hack me, but I've heard, you know, some people in our industry have, but I did a lot of hack the box.

[00:17:28] Um, and there's a, there's a lot of YouTube, uh, videos.

[00:17:32] Um, a lot of researchers will actually walk you through the box, like beginner boxes and things like that.

[00:17:38] There's a lot of blogs as well.

[00:17:40] Um, like John Hammond is really good when he first started with his channel.

[00:17:45] He had a lot of, um, like, here is the CTF and here's my mindset of trying to tackle the CTF.

[00:17:52] And he would like not cut out when he, when something didn't work, like he would go down a full path and be like, well, that didn't work.

[00:17:59] All right. Back to square one guys, you know, and I think that that was good because anybody who watches soon is going to see our job involves failing, failing and failing and failing and then failing more, you know, and you have to kind of get used to that and embrace, you know, and learn as you go.

[00:18:18] Um, and see it as like, well, I learned a lot, you know, even if it didn't end up in, you know, somewhere fruitful, you were able to get around these security controls or learn along the way.

[00:18:27] So I would tell them to start off with half the box.

[00:18:32] Um, and then I would tell them, uh, to maybe, oh, I mean, unless they have like zero, um, like network knowledge, like maybe they should do some sort of like networking one-on-one, you know, kind of, uh, stuff on like LinkedIn learning or, or some of the free trainings online or things like that.

[00:18:52] They don't necessarily have to do a full cybersecurity bachelor's degree.

[00:18:56] I mean, they can if they want, but I think that if you're trying to get in, get in a position quickly, I think it would be good for you to get like some networking one-on-one experience.

[00:19:06] Get some like web application one-on-one experience, building your own web application, opening up those web server ports, that sort of thing.

[00:19:14] Um, understanding, you know, um, the traffic, even of like a simple, like Python HTTP server, you know, like how, how does this work, you know?

[00:19:22] Um, and then like, if, I don't know, I think, um, yeah, get some, like maybe some Python or some kind of network, uh, some type of programming language.

[00:19:33] Um, uh, one-on-one course, maybe a Linux one-on-one course, Windows command, you know, one-on-one, um, just like basics.

[00:19:42] And then I think they should start off with like the hack the box, beginner boxes and grow from there.

[00:19:46] And then from that, once they're ready, I think they should get into like offensive security certifications.

[00:19:53] Um, or like the, uh, the CRTO, I've heard good things about the red team berator certification.

[00:20:00] I took SANS courses, but I know not a lot of people can have the budget for $8,000 course.

[00:20:06] Um, but I think there is, um, some, um, good things about SANS where they, they show like a lot of the foundational knowledge already.

[00:20:16] So like they, they will kind of give you some of that one-on-one knowledge as you're learning before, you know, to understand what this tool is doing and stuff.

[00:20:26] So if, if you need a little bit more handholding, SANS is great.

[00:20:30] Um, but like, yeah, offensive security certs, they're so hard that I think you'll be like ready to rock and roll and get hired.

[00:20:39] If you have those certs, I think they'll just be beneficial for you to put yourself through that, um, uh, torture.

[00:20:48] So for, for, so for someone is trying to make that next step that maybe they're working in offensive security.

[00:20:55] What are your recommendations for someone that wanted to move into exploit development?

[00:21:00] Um, okay.

[00:21:02] Um, so it depends on what they really, I guess what they're passionate about, but because people have different silos of interest.

[00:21:11] Um, in my opinion, I found it very helpful for me to go to like exploitdb.com and I was actually downloading like the vulnerable apps.

[00:21:19] Like you can download the apps itself and then don't look at the exploitdb code.

[00:21:24] Like don't look at the answers.

[00:21:25] Right.

[00:21:25] And then you try to like use like American fuzzy lap and things like that.

[00:21:29] Try to crash it yourself.

[00:21:30] Try to like, um, you know, debug the, the, um, application and everything like that.

[00:21:35] And try to find the buffer overflow.

[00:21:38] Try to find those, uh, like remote code execution vulnerabilities and stuff yourself.

[00:21:42] And then check your answer to the answer that's online and see how your code is different from theirs.

[00:21:48] And maybe you found the same bug, maybe you found a different bug.

[00:21:51] But I always thought that was kind of fun when I was learning.

[00:21:53] Um, and then I think time is essential.

[00:21:58] Um, when it comes to like just finding any kind of new zero days.

[00:22:03] So, um, even if you're not going to get into like reverse engineering per se, I think it might

[00:22:09] be, uh, as a, with OCC where we have an internal red team.

[00:22:14] Um, so one thing I noticed is that like with consulting teams, you got a week, get in there,

[00:22:20] get out, you know, like get in there, get it as fast as you can straight to domain admin,

[00:22:24] ring the bell and then get out.

[00:22:26] And so a lot of consulting teams get really good at active directory attacks, but they don't

[00:22:32] know as much about like enumerating like a custom, like web app or with rest APIs and

[00:22:38] things like that.

[00:22:38] Or they, they might do less with like, um, developing exploits for maps and things like

[00:22:43] that, you know?

[00:22:44] And so I think that, um, the thankful thing that I, I've been able to, um, experience with

[00:22:52] OCC is that since I run the team, I get to control how long we put into a project.

[00:22:59] So, um, if we're testing, um, you know, some brand new appliances, uh, that maybe a vendor

[00:23:06] has given us, you know, not only can we assess how hardened they've created that, uh, server,

[00:23:13] uh, is there any kind of Docker container escapes and things like that, um, that might be fruitful

[00:23:19] for our engagement.

[00:23:20] Um, I don't know.

[00:23:22] I think that, um, we have stumbled across, even though we're testing OCC's implementation

[00:23:29] of, you know, the, the infrastructure there, I think we've, since we've had so much time

[00:23:34] to, like, if I'm testing a, uh, a printer, if I'm testing all the printers at OCC, right?

[00:23:40] If I'm testing it for a month, I might find some zero days with Xerox or, or dope runners

[00:23:46] or whatever the printer is, right?

[00:23:48] And so then you have to have like a responsible disclosure process in order to actually disclose

[00:23:54] those bugs later.

[00:23:55] Um, but it's, I mean, yeah, I guess it depends on what they're passionate about.

[00:23:59] If they're really excited about web apps and, um, or, you know, or, um, network-based attacks

[00:24:05] or whatever, I think there's potential to find zero days in whatever your silo of interest

[00:24:12] is, if you put enough time and effort into it.

[00:24:17] Yeah.

[00:24:17] Very, very interesting.

[00:24:18] Since you mentioned zero days as a hiring manager, how, how well, or how much do you value

[00:24:24] CVEs?

[00:24:25] If someone comes in with CVEs on their resume, how does that kind of weigh on your opinion

[00:24:31] compared to someone with maybe just certifications?

[00:24:34] Huge, huge.

[00:24:35] I actually, um, told my, so I had, I recently had two, um, job openings, um, on, on my red

[00:24:43] team and, um, I pulled the recruiting, uh, people, uh, into a meeting with my HR person.

[00:24:51] And I said, disregard whether they have, uh, a bachelor's degree, just completely disregard

[00:24:59] that.

[00:24:59] I don't care.

[00:25:00] Um, I'm really focused on, um, if they have like offensive security serves, that's great.

[00:25:07] That'll give some extra points.

[00:25:09] And then if they have, um, like anything involving like CVEs, like bugs that they have found, um,

[00:25:16] um, if they, if they've done like hacker one and bug crowd and things like that for like,

[00:25:21] um, finding their own zero days, I, I want, I want to look at those resumes.

[00:25:26] I prioritize those resumes.

[00:25:28] I'm not saying that I'm not going to look at the other resumes.

[00:25:30] You know, if you've done your time, you know, doing cybersecurity, bachelor's degree, you

[00:25:35] have all these certifications and, and, and SANS certs even, you know, I'll look at

[00:25:39] SANS certs.

[00:25:40] I gave a whole list of certs, um, that I think would be, um, prioritized.

[00:25:45] Um, but I'll look at the other people.

[00:25:47] I just tend to think that the people with CVEs already, um, might be good at, um, my

[00:25:54] scenario based questions.

[00:25:56] Um, cause I'm, I'm, like I said, I'm not going to just ask them, Hey, what's the difference

[00:26:00] between cross-site scripting and cross-site request forgery?

[00:26:02] Like, I don't want, I don't want you to Google your answer while we're talking.

[00:26:06] I'd rather like us just like, I'd rather us just like, Hey, let's, I'm going to give

[00:26:12] you, I'm going to put you in a like Linux terminal, you know, how do you find out like

[00:26:16] what privileges you have right now?

[00:26:18] And how would you try to break out of those privileges and, and instillate, you know, or

[00:26:22] in just like various scenario based questions, you know?

[00:26:25] And I'll find that some people that are really siloed in like web applications these days,

[00:26:31] a lot of times they solely rely on like Burp ProScan results and that's it.

[00:26:38] They just send the results straight to the, um, the client or they send the results straight

[00:26:43] to the, um, IT owner.

[00:26:45] And when the IT owner tries to ask them, can you explain this job or just your organization

[00:26:49] vulnerability, or can you explain any of these things?

[00:26:52] They either, A, don't really know how to explain it in depth, or they don't really know how

[00:26:56] to explain how to fix it in depth.

[00:26:58] Um, like, and a lot of them have, you know, explained to me that they don't even know

[00:27:03] how to get an actual web, like they don't ever go the extra mile to actually perform

[00:27:07] the exploit and get on the box and then move from there.

[00:27:11] Um, so I think it's important to me that I, I don't want just somebody who only has

[00:27:17] scanning experience, um, you know, or theory experience to just send it to an IT person

[00:27:24] and be like, ah, I think it's vulnerable.

[00:27:26] It said, the scan says it's, I mean, I think it's important for them to understand how

[00:27:32] to actually perform the exploit and then what wasn't found in the scans, you know, and, and

[00:27:38] maybe how you can possibly know why it wasn't found in the scans and so that you can, um,

[00:27:44] just manually perform it, which is important, especially for red teams that need to be covert

[00:27:49] anyway.

[00:27:49] If you're being stealthy, you need to know how, how to manually do things with your hands

[00:27:56] and not miss any with your own custom code instead of relying on tools.

[00:28:01] Yeah.

[00:28:02] One of the things I've kind of think with tools, it's really, I think it's really affected

[00:28:06] how people are, you are doing coding because you think of some of the things that you can

[00:28:10] do with burp suite, some of the other tools, because, you know, before when you, you, before

[00:28:15] people were using like burp suite and you have to use something like Hydra to brute force,

[00:28:20] you'd have to put like the URL path, the login path and all this stuff in to set it up.

[00:28:26] And it was just easier, easier to use something like burp suite or zap or something else.

[00:28:31] So it's really interesting.

[00:28:32] It seems I, in my opinion, I think some of the tools and then even like a metasploit has

[00:28:37] made it easier for people to use these tools and not really focus on, on learning how to

[00:28:42] code and do things manually.

[00:28:44] Oh yeah.

[00:28:45] But I think the issue with that is, is that those pen testers are pretty much only going

[00:28:50] to test in a white box, like non-stealth engagement, you know, cause they're going to be, they're

[00:28:56] going to be running and aggressive scans or they're going to be running, you know, just

[00:29:01] like they're going to crawl in an aggressive way.

[00:29:03] And it's, it's going to get caught by the defense team.

[00:29:06] Defense team is going to see that.

[00:29:07] Um, they're going to see when you put like a precompiled version of Ruby is on to a box

[00:29:13] there.

[00:29:13] They're there.

[00:29:14] It's going to get caught.

[00:29:15] Um, and so I think knowing, um, what those tools are doing manually, um, might allow you

[00:29:23] to be able to be a little bit more covert.

[00:29:25] If you need to do a red team engagement and simulate a more sophisticated adversary.

[00:29:31] Very cool.

[00:29:32] So, uh, you know, don't want to disappoint the, the, the viewers and want to go ahead and

[00:29:37] kind of get into, you know, kind of your, your other career as a rock star, a vocalist

[00:29:42] for, for a, uh, a band.

[00:29:45] So I think that's pretty interesting because it's always cool to, to find out what, you

[00:29:50] know, things people are doing outside of the day job or the interest.

[00:29:53] And so it was really interesting to find out that you were a vocalist in a band.

[00:29:57] So if you wouldn't mind sharing about your band that had experienced.

[00:30:02] Yeah.

[00:30:02] Um, okay.

[00:30:04] Well, um, I've always been in like bands and singing competitions growing up, but I think,

[00:30:10] um, when I moved back, um, to North Carolina, um, I decided to just start a new, uh, I ended

[00:30:19] up having a breakup and I had all this extra time on my hands outside of working and only

[00:30:26] writing explodes.

[00:30:27] Right.

[00:30:27] Uh, so I decided to start another rock band and, um, this time, instead of me being the

[00:30:32] only singer, I've, I've always loved Lincoln Park growing up.

[00:30:36] So I really liked the, um, rap, uh, rap and rock, uh, dynamic of Lincoln Park with Chester.

[00:30:42] Now, now I know that they have a female singer, but back in the day they didn't.

[00:30:46] You know, it was a male rapper and female, sorry, it was a male rapper and male singer.

[00:30:50] And so I thought, well, it would be really cool.

[00:30:52] And this was back in 2020.

[00:30:55] Okay.

[00:30:55] I thought it would be really cool to start a rock band where we have a male rapper and

[00:31:00] female.

[00:31:00] Um, so I did it first guys.

[00:31:03] Don't assume.

[00:31:05] Um, but anyway, yeah.

[00:31:07] So I, uh, I auditioned a bunch of people.

[00:31:11] Um, I went on Craigslist and Facebook and band mix and everything.

[00:31:16] And, um, I made posts, you know, looking for rappers.

[00:31:18] And like, when I saw their profile was just like money, you know, it would skip a lot

[00:31:24] of those people.

[00:31:25] Um, yes, I auditioned all the members and, um, I kind of started it like kind of like a

[00:31:32] CEO would start a business.

[00:31:34] Like I, I didn't, I've been in a lot of bands growing up where like, we just kind of like

[00:31:39] hung out and jammed a little bit and like, it didn't really go anywhere.

[00:31:43] And when you have a lot of people steering the ship, the ship doesn't really get to the

[00:31:49] destination because you're all compromising, you know, a meeting in the middle and stuff

[00:31:54] like that.

[00:31:55] So I thought that if I started this, um, this band, which is Lilac, by the way, it's

[00:32:00] spelled, it's spelled a little bit.

[00:32:01] So it's L Y L V C.

[00:32:04] So it's a V instead of an A's upside down.

[00:32:07] Um, but anyway, uh, Lila, L Y L V C.

[00:32:11] Um, so I started this band and I thought that I would kind of be the only one steering

[00:32:17] the ship, you know?

[00:32:17] So, um, all of us, you know, we write music together and stuff like that.

[00:32:22] And we were in team together.

[00:32:23] We wrote a bunch of songs.

[00:32:25] Um, but yeah, we were just kind of more, I guess I was more driven with, okay, if we're

[00:32:30] going to do this, let's do it.

[00:32:32] Right.

[00:32:32] And so we recorded, um, with Howard Benson, uh, Howard Benson's, uh, studio with Mike

[00:32:39] Bonikoff and Joe Ricard.

[00:32:40] And, um, they've recorded like Hailstorm, Three Days Frays, Seether, um, Fire Leaf, like

[00:32:46] just Bon Jovi, Kelly Clarkson.

[00:32:49] Like they've just recorded so many people.

[00:32:51] Uh, and so that's who recorded our first EP.

[00:32:53] So go big or go home.

[00:32:55] Okay.

[00:32:56] Don't, don't start low, you know?

[00:32:58] Like just like, as you can tell with like even exploit research, I'm like, go straight

[00:33:03] for half the box, you know?

[00:33:05] Yeah.

[00:33:06] Yes.

[00:33:06] I don't know.

[00:33:07] I think I just have that mindset for like this way possible.

[00:33:11] So with, um, with band, yeah, I was just like, okay, let's record with them.

[00:33:15] And then we did our music video, um, for Perfect Drug and it blew up.

[00:33:21] It got like over a million views.

[00:33:23] Um, and it was crazy.

[00:33:24] And then, um, Rob McDermott who used to manage Lincoln Park, he wanted to work with us.

[00:33:30] And then, uh, Tony Couch, who manages in this moment and has some stars and Eva under fire.

[00:33:35] He wanted to work with us.

[00:33:37] And, uh, so we, we ended up going with Tony.

[00:33:39] Rob McDermott is great.

[00:33:40] I love him.

[00:33:41] So you're, if he ends up watching this, I love you.

[00:33:44] Uh, and, but yeah, we just ended up going with, uh, C3, um, with Tony Couch.

[00:33:49] And then, um, yeah, before I knew it, I had like PR reps that worked for me.

[00:33:52] And radio promo reps.

[00:33:54] And, um, yeah, we released a couple more songs.

[00:33:57] Um, the new music.

[00:34:00] So we have unreleased music right now that we're sitting on.

[00:34:02] We recorded with Kane Sharko.

[00:34:04] He was recorded, uh, hits for like Five Finger Death Punch and Disturbed and Ozzy and just a whole bunch of, um, amazing bands.

[00:34:13] And, um, anyway, we just recorded a whole bunch of music with him.

[00:34:18] And, um, the music video, uh, we, so.

[00:34:22] There's this guy named Jensen Nolan who's blowing up, right?

[00:34:26] But his music videos are insane.

[00:34:28] They're like an Avengers movie.

[00:34:30] Okay?

[00:34:30] But if you look up, if any of you want to, like, see some crazy graphics for a three-minute video, like, look up Falling in Reverse.

[00:34:37] Like, uh, the Ronald video.

[00:34:39] And it, like, seriously, like, there's, like, this giant devil.

[00:34:43] And, like, he gets sucked into the ground.

[00:34:45] And there's, like, this huge tornado thing around him in Tech 9.

[00:34:49] It's just, like, the craziest visual effects ever for a three-minute music video.

[00:34:53] It's seriously like a movie.

[00:34:54] And, um, so I thought that with, um, we have a new song called Barely Human.

[00:35:00] And, uh, I thought since I like creating viruses, I make a lot of nowhere for my work.

[00:35:08] I thought, what if there was this, and also my job, my bachelor's degree was in, you know, biology with a focus in genetics.

[00:35:15] I really like genetics, too.

[00:35:16] So I thought, like, what if there's, like, this fictional story of, like, where I created a virus and it infected human DNA.

[00:35:23] And maybe most of the humans died.

[00:35:26] But of the few remaining human survivors, maybe, like, their genetic code interacted with machine code better.

[00:35:34] I don't know.

[00:35:35] It's very fictional.

[00:35:36] We know this.

[00:35:37] But it's fine.

[00:35:38] It's still, it's just a fictional story.

[00:35:40] And so, anyway, I thought, um, okay, well, if there's the last remaining human survivors are, like, fighting in this post-apocalyptic world.

[00:35:48] And, you know, everybody is dead and it's broken into, you know, like, it's, uh, they're just turf warring, you know?

[00:35:55] And so some people are just, like, let's go full AI.

[00:35:58] Let's just go full robot, guys.

[00:35:59] Come on.

[00:36:00] You know?

[00:36:00] And, like, the other people are, like, no, let's hold on to empathy and let's hold on to, you know, fighting for, like, a human, you know, humanity and, you know, regaining our humanity.

[00:36:10] But, like, as we're fighting, you're getting an arm blown off and you're replacing it with a robotic eye.

[00:36:15] You lose it, you replace it with a robotic eye.

[00:36:18] And so, who better to hire for that kind of crazy vision than Jensen Nolan?

[00:36:24] I thought that the visual effects were going to be insane.

[00:36:27] And so, um, we just did a music video shoot with him.

[00:36:31] And, uh, right now, uh, they're going to take six weeks, uh, to put all of the visual effects on there.

[00:36:38] Because we, we had this, like, crazy katana fight scene and everything.

[00:36:42] I mean, it's, it was insane.

[00:36:43] Like, I had, like, 13 female extras and I had, like, 10 male extras, including, you know, Robert Downey Jr., right?

[00:36:50] Iron Man.

[00:36:51] So, um, Robert's son, Indio, he and I became friends and I asked Indio to join my video.

[00:36:58] So, Indio is actually in the music video too.

[00:37:00] So, I got, I don't have Iron Man, but I got Iron Man's son.

[00:37:03] That's very cool.

[00:37:03] In my music video.

[00:37:05] Yeah, yeah.

[00:37:06] And so, um, the visual effects should be done in six weeks.

[00:37:09] Um, but all music industry stuff shuts down, uh, for Thanksgiving through mid-January.

[00:37:16] So, we're not going to be, we're probably looking at a early, um, like, end of January or early February release now.

[00:37:25] So, it postponed our fall tour and stuff, but I think it's going to be really, really worth it.

[00:37:31] So, I'm excited.

[00:37:32] Oh, that's very cool.

[00:37:33] So, who are some of the different bands you've toured with?

[00:37:36] Um, yeah.

[00:37:37] So, we've toured with, like, Atreyu and Pop Evil and Same on Fire.

[00:37:41] Um, yeah.

[00:37:43] On New Year's Day, a bunch of bands.

[00:37:45] So, the first tour we did was a West Coast to, like, mid-U.S. tour.

[00:37:50] And then, uh, the second, uh, tour was, like, more, more West Coast, like, all the way up.

[00:37:56] And then over to, like, Midwest.

[00:37:58] And then the third tour we did was, um, just East Coast and Midwest.

[00:38:02] Uh, in Midwest.

[00:38:03] So, um, I'm excited to figure out.

[00:38:06] Uh, I know that there's a festival in February.

[00:38:09] That's, like, a big, uh, I think last year they had Bush and Dorothy and, like, a lot of bands.

[00:38:14] There was a whole bunch of bands, uh, on that festival.

[00:38:17] Well, we're on that festival in February.

[00:38:19] And then they're doing, like, a two-week tour, apparently, right after the festival with those festival bands.

[00:38:26] So, apparently, it's just a lot of big, huge bands going on the road together.

[00:38:30] And so, uh, if we release Barely Human at the end of January, we'll be releasing it with that February tour.

[00:38:37] So, I'm really excited.

[00:38:38] That's very cool.

[00:38:39] So, how is that managing that career along with your, your day job?

[00:38:43] How's that?

[00:38:44] How's that?

[00:38:44] Is that very hard to manage?

[00:38:46] No.

[00:38:47] I mean, so far, so good.

[00:38:49] Um, I mean, like, the good thing is, is that, um, you know, as a hacker, you know, we can bring our laptops anywhere.

[00:38:57] So, as long as, I work remotely, I mean, I know some people are required to go into the office, um, but my team, uh, works remotely full, full time.

[00:39:06] Uh, and so, I just basically hired a driver.

[00:39:10] Um, my, the driver that I hired, uh, he, he's driven Slayer and Desk Homes and just a bunch of bands.

[00:39:17] Um, so, I, I let him drive.

[00:39:19] Uh, we have our private bunk beds in the back.

[00:39:22] And so, he would drive to the next city, like, and we'd end up at a gym.

[00:39:27] Uh, where we're all members of.

[00:39:28] We would go in there, shower, come in back to the bus and we would all work our day jobs because all of us work remotely.

[00:39:35] So, we'd work our day jobs remotely and then we'll be ready to sound check by, you know, five.

[00:39:40] I mean, work will be done already, you know, by the time sound check started.

[00:39:44] So, it was, um, I didn't have to take any PTO my past couple tours.

[00:39:48] Like, I took zero days off.

[00:39:50] I just worked my day job and then I sang at night and worked my day job.

[00:39:54] You know, and it, it ended up being okay.

[00:39:56] Yeah.

[00:39:56] And touring, it's like, you know, you have like, you have like a month long tour and then you're back home for like two to three months.

[00:40:06] So, you're, I mean, I get, then I can just focus only on hacking.

[00:40:09] So, it's worked out.

[00:40:11] Oh, that's cool.

[00:40:12] Yeah.

[00:40:12] That's fun.

[00:40:12] So, do you, do you kind of think that helps you with burnout in your job, having this other interest that you're not all 100% into one thing?

[00:40:22] Um, I think that, um, I think me personally, I still get burnout because I think I put on a lot.

[00:40:33] I put a lot of responsibilities on myself.

[00:40:34] I just recently started, like, I think delegating more.

[00:40:38] Um, but like, I think I've just always been so, um, particular about like, oh, you have problems?

[00:40:47] Pile it onto me.

[00:40:48] Oh, you have these problems?

[00:40:49] Pile it onto me.

[00:40:50] That's fine.

[00:40:50] Oh, you're having these, these stressors or whatever.

[00:40:54] And so, I think that I prioritize my team to have extreme work-life balance.

[00:40:58] Like, I want them to have, you know, because they have their babies.

[00:41:01] I don't have any kids or I don't have family or anything.

[00:41:04] So, like, I just, I see them having these beautiful families with their kids and things like that.

[00:41:10] And so, I tend to put a lot of the extra workload on myself.

[00:41:13] And so, I think that, um, I'll, even after a show, I was still, like, longing back in, finishing a couple pen test reports, sending it out in the middle of the night, you know, at 2 a.m.

[00:41:26] And then I was, you know, going back to my bunk and trying to sleep so I can sing the next day.

[00:41:32] Um, but I think that, um, for the next tour, I should have a little bit more work-life balance.

[00:41:37] I'm working on traveling, as you and I spoke earlier.

[00:41:40] Like, I'm working on traveling, actually taking PTO and trying to meditate and trying to, like, find that work-life balance.

[00:41:49] That's good.

[00:41:50] Yeah, I was going to ask after that, what are some of your advice for work-life balance and avoiding burnout?

[00:41:57] And I know you mentioned meditation.

[00:41:58] Does that seem to really be making a difference?

[00:42:01] Uh, I think so.

[00:42:03] So, when I first started meditating in January, I found myself falling asleep.

[00:42:11] Almost every single time, uh, which I don't think that that's, I mean, maybe that's a good thing.

[00:42:18] But, um, like, I, I would just go on YouTube and I would just type in guided meditations, you know, for, like, a 10-minute meditation or a 20-minute meditation.

[00:42:27] Because I feel like I'm constantly thinking of, like, all of my to-do lists.

[00:42:33] All of the, you know, the, the different code problems that my team is having.

[00:42:37] The different code problems I'm having.

[00:42:39] Or the research that I need to do individual, as an individual researcher as well.

[00:42:43] And so, I think I'm just, my brain is constant all day.

[00:42:47] And we're constantly looking at a computer.

[00:42:48] And so, it's very important for us to just, like, close our eyes.

[00:42:54] Listen to a guided meditation.

[00:42:56] And use a, a different sensory, like, uh, you know, thing that, you know, then filling my eyes in my hands.

[00:43:03] You know, like, hearing it and closing my eyes, I think, was helping me.

[00:43:07] But I was falling asleep so quick.

[00:43:09] Like, I was just exhausted.

[00:43:12] Um, but I think I, yeah, um, I don't know.

[00:43:15] A couple months ago, I started getting, I just stopped falling asleep in the middle of the meditations.

[00:43:20] Like, most of the time, I can actually do the full 10 to 20-minute meditation now.

[00:43:24] And, yeah, I think it's been really helpful.

[00:43:27] Because after I'm done with it, I feel a lot more calm.

[00:43:31] And I feel more clear-headed.

[00:43:33] And maybe there were some, um, things that I might have been beating my head against the wall.

[00:43:38] And just rabbit-holing for, like, a certain exploit.

[00:43:41] And I found that, um, after I meditated for, you know, 10 to 20 minutes, I, I immediately thought of a way around that blocker.

[00:43:51] And so, it's been helpful for me.

[00:43:54] Yeah.

[00:43:55] Very cool.

[00:43:56] Yeah, I've heard some other folks doing it that, that's really helped with stress and stuff.

[00:44:00] So, uh, always something I've been kind of curious about myself.

[00:44:03] You should let me know if you'd fall asleep.

[00:44:07] I probably would.

[00:44:09] I know it's not the same thing, but one of the things I was experienced with is I used to use, go to a hypnotist, especially back in my powerlifting competition days.

[00:44:18] It did work, and it was kind of crazy motivation-wise.

[00:44:21] I remember going in for a session one day, and I, I was training with a powerlifting team.

[00:44:26] And I went in one day, and normally I'm, I perform really good in competitions.

[00:44:31] But I'm not always, you know, performing, you know, top way, top, you know, within the gym.

[00:44:40] You know, in training sessions, it wasn't always the best.

[00:44:42] But competitions, I do well.

[00:44:44] After that session, I got into the gym, and it was crazy because my teammates asked me, what got into you?

[00:44:50] Because I had such a good workout.

[00:44:53] Wow.

[00:44:53] And one of the things he did, too, is he gave me some cues to help me sleep.

[00:44:57] So one of the cues is, like, tap on your thigh three times, and you'll be able to sleep.

[00:45:01] So he gave me some cues to help with sleeping, but I was really amazed how well the, the, the hypnosis worked.

[00:45:09] It really helped a lot.

[00:45:10] But one of the things about it, too, is relaxation-wise, when you're getting hypnotized, you about fall asleep during that.

[00:45:17] And once you kind of come out of it, it's like a really relaxing feeling.

[00:45:22] Wow, that's amazing.

[00:45:23] It was the effects only one day, though?

[00:45:26] Or, like, did, do you find that it actually lasted some time?

[00:45:30] I think you just had to keep up the sessions for it to work because they'd give you different cues for different things, things to think about, things, motions to do when you're in the gym getting ready to lift or whatever.

[00:45:42] You know, like, if you're getting ready to lift, there were certain cues that he would give me.

[00:45:46] And it seemed like as long as you were following up with those things, it worked well.

[00:45:49] And then I saw some people that did it, you know, really put a lot of emphasis in it, in powerlifting.

[00:45:54] They would go to whoever did the hypnotherapy.

[00:45:58] They'd get, like, a CD of the session and listen to those when they weren't going to the live sessions.

[00:46:04] Interesting.

[00:46:06] I recently got into, like, sleep meditation.

[00:46:11] Like, while you're sleeping, it'll say things to, like, help you, I guess, reprogram, like, I don't know, even, like, whether it's, like, old stress or trauma or anything like that.

[00:46:24] Like, it kind of gets into, like, affirmations and things like that, like, while you're sleeping.

[00:46:30] And you wake up, like, super positive about your day.

[00:46:34] And even though you were just sleeping.

[00:46:36] But I know that there's also people who do that for, like, informational things as well, like learning.

[00:46:42] Because when I, I know that if I had to learn all the lyrics to a song and I only had one day, I would listen to it in the headphones the entire night.

[00:46:52] And I'll wake up in the morning and I'll listen to the song one time and I knew all of the words.

[00:46:58] Like, I don't know.

[00:46:59] So, like, just having it on repeat, you know, you, like, learn it, I guess, in your sleep.

[00:47:05] So, I think it would be cool to, like, listen to some, like, really technical, like, super technical breakdowns of certain things that would be, you know, cybersecurity related.

[00:47:16] And I wonder how much we can actually ingest if we're just listening to the audiobooks in our sleep.

[00:47:22] Mm-hmm.

[00:47:23] That would be curious to see because I've heard of people doing that for learning, you know, taking college courses.

[00:47:28] Because my wife, she would originally start out, like, in the medical field, medical side of things.

[00:47:33] She was an occupational therapist.

[00:47:35] And there were different things that they needed to learn for their classes.

[00:47:39] And she used to just have it on a cassette tape and listen to it.

[00:47:42] And I've talked to people that need to really go back and ask her how well she thought that worked.

[00:47:46] Because, you know, if you could sit there and do this learning while you're sleeping,

[00:47:50] if you could actually get anything out of it, that would be pretty nice.

[00:47:53] That would be crazy.

[00:47:54] I think it needs to be repetitive, though.

[00:47:56] So, I don't know if you can go, like, a full eight hours, you know, of, you know, completely different material.

[00:48:03] I think it's going to have to be, like, one section that you really want to learn in a repeated way.

[00:48:09] But, I mean, I could be rough.

[00:48:11] But that's pretty cool.

[00:48:14] Very cool.

[00:48:15] So, we're getting down towards the end of the episode.

[00:48:17] Is there anything you'd like to share before we close it up?

[00:48:23] Well, Stephen Sims reached out to me and asked if I wanted to speak at Hollywood Hackfest on October.

[00:48:30] I think Hollywood Hackfest is October 28th and 29th.

[00:48:33] So, I'm going to be performing a talk on the 29th, which is cool.

[00:48:38] I don't know if they've announced it yet.

[00:48:39] But if you guys come to Hollywood Hackfest, please come to my talk and let me know whether you like it or not.

[00:48:44] It's going to be on using AI to help you develop payloads for browser-based exploits and, like, web application exploits and defensive, like, defensive Asian-type payloads and strategies to not get caught by EDR, modern EDR systems.

[00:49:03] So, hopefully you like that.

[00:49:05] And then, also, if you want to listen to my music, go to lilac.com.

[00:49:12] It's L-Y-L-V-C.

[00:49:13] Or you can go to, like, Instagram, Facebook, TikTok, everywhere, and just type in L-Y-L-V-C.

[00:49:21] And you'll be able to see when we release our new music video, Barely Human.

[00:49:26] I'm going to have, you know, I'm going to be Barely Human.

[00:49:28] I'm going to have half robotic parts, half human parts.

[00:49:31] It should be an amazing music video.

[00:49:33] I'm really excited.

[00:49:33] We'll be releasing that at the beginning of the year.

[00:49:36] Oh, very cool.

[00:49:38] Eva, you mentioned that.

[00:49:39] I recently released the episode today.

[00:49:41] But, Lin, no, he is considered the first augmented ethical hacker.

[00:49:46] So, he's got chip implants and all this stuff built into himself.

[00:49:52] I love that.

[00:49:52] I love that so much.

[00:49:53] Well, I don't want to, like, completely play into the, like, I don't want to be that for, like, stage performances.

[00:50:00] I know that some people can be very gimmicky, like, where they just go, you know, full robot costume and stuff like that.

[00:50:06] I don't want to do that.

[00:50:07] But I do think that it's fun to do it for, you know, one music video.

[00:50:11] Just be, like, this, like, badass, like, you know, half robot thing.

[00:50:15] But, yeah, a lot of my other music videos, they kind of vary based off of what I wrote this song about.

[00:50:21] So, if you are interested in watching any of my music videos just for YouTube.

[00:50:25] Oh, cool.

[00:50:26] I have to check that out.

[00:50:28] Yeah, let me know what you think.

[00:50:29] They're my older music videos.

[00:50:31] But I think the new music is, like, completely insane.

[00:50:35] So, it's, like, an excellent.

[00:50:36] Oh, that's cool.

[00:50:36] So, I'm excited.

[00:50:37] Very cool.

[00:50:39] Well, thanks for taking time out of your busy schedule to join me today.

[00:50:42] Yeah, thank you for inviting me.

[00:50:44] It's great to get to know you more.

[00:50:46] Yeah, same.

[00:50:47] Likewise.

[00:50:47] This one, like I mentioned, my favorite thing is meeting my connections in person and getting to know more about them.

[00:50:53] So, it's really cool.

[00:50:54] And I think whenever I found out that you're a rock singer, then I thought, yeah, this is a story people need to hear.

[00:51:01] So, I think people will be very interested in not to mention, you know, a badass hacker, too.

[00:51:06] So, I love that.

[00:51:08] Yeah, it's been great.

[00:51:09] I would love to see if we can do, like, I know, like, I think Laughing Mantis has a band.

[00:51:16] And I think Steven Sims has a band.

[00:51:19] I mean, a bunch of our hacker community does music.

[00:51:22] I wonder if there's ever, like, a conference where we can just, like, have our bands play.

[00:51:27] I don't know.

[00:51:27] I think that would be pretty cool.

[00:51:28] That would be very cool.

[00:51:29] Yeah.

[00:51:29] That would be cool.

[00:51:30] And there's probably enough people to do a concert, I would think, because, you know, you have, you mentioned Steven Sims yourself and some other folks, even Dual Core from the community.

[00:51:41] It does a lot of the rap type stuff.

[00:51:44] Hack all the things.

[00:51:45] Drink all the booze.

[00:51:45] Hack all the things.

[00:51:46] Yeah.

[00:51:47] Yeah.

[00:51:48] Absolutely.

[00:51:48] Yeah.

[00:51:49] That would be really cool.

[00:51:51] That would be cool.

[00:51:51] Okay.

[00:51:52] Well, it was great to meet you.

[00:51:54] And I'm glad I got to join.

[00:51:56] Same.

[00:51:57] Great chatting with you.

[00:51:58] Thanks again.

[00:51:59] Thank you.

[00:52:00] Thanks, everyone.

[00:52:01] And we'll see you on the next episode.

[00:52:05] Thank you for listening to The Philip Wiley Show.

[00:52:08] Make sure you subscribe so you don't miss any future episodes.

[00:52:12] In the meantime, to learn more about Philip, go to thehackermaker.com and connect with him on LinkedIn and Twitter at Philip Wiley.

[00:52:21] Until next time.