Bdubzz: Building Connections in Cybersecurity

[00:00:01] Welcome to the Phillip Wylie Show. Take a look behind the curtain of professional hacking and hear compelling discussions with guests from diverse backgrounds who share a common curiosity and passion for challenges and their job. And now, here's your host, offensive security professional, educator, mentor, and author, Phillip Wylie.

[00:00:25] Hello and welcome to another episode of the Phillip Wylie Show. Today I'm joined by Bdubs. Bdubs and I know each other from the local DFW cybersecurity community. And of course, members of the overall global and national cybersecurity community. So every once in a while we see each other at meetups and conferences. And so seeing recently that they're getting into content creation and sharing with others and trying to help the community, they'd be a good guest to have on.

[00:01:03] So welcome to the show. Bdubs Wylie Show, Ph.D.: Thank you. And thanks for having me. I'm excited to be here. Yeah, it's great to have you. It's one of the things that's really great is I know you really like sharing with community and helping others. So those are the type of people that make the best guests. So I appreciate you joining. Bdubs Wylie, Ph.D.: Yeah, absolutely. Yeah. And I enjoy helping other people and watching them grow within the community and get into cybersecurity.

[00:01:29] Bdubs Wylie, Ph.D.: So I have all my guests share their hacker origin story. So if you wouldn't mind sharing your hacker origin story, kind of where you started out to where you are now.

[00:01:39] Bdubs Wylie, Ph.D.: So I like to think that I've always been a hacker, even outside of computers and technology. I like to think outside the box and problems of find a better way of accomplishing a task. I've been that way since I was a little kid. I was taking apart the toys and trying to figure out how they worked and then put them back together. I always kind of picture myself as a hacker. It was not until 2023 that I found out. I could actually use it.

[00:02:08] Bdubs Wylie, Ph.D.: So I wanted to use that mindset as a career. So originally I wanted to be a pen tester naturally. I found Philip Wylie. I found a bunch of other people to learn from in the community.

[00:02:20] Bdubs Wylie, Ph.D.: I was studying that working hard to get a job and then I accidentally found GRC. So now I'm taking that hacker mindset and applying it to GRC and learning how or sharing how to these different topics and concepts from my own perspective. So that maybe some of the more typically boring things people can kind of see it in a new light.

[00:02:48] Bdubs Wylie, Ph.D.: Very cool. One of the good things too is that the hacker mindset is so helpful in so many areas and to be able to apply that to GRC because you know, sometimes people in the area don't have a technical background. So having that hacker mindset would definitely give you a unique perspective that not all people that work in GRC have. Bdubs Wylie, Ph.D.: Right. Yeah. It's definitely seeing things from a different angle, a new perspective. Yeah. I enjoy it.

[00:03:17] Bdubs Wylie, Ph.D.: So what area do you work in currently now? Bdubs Wylie, Ph.D.: So currently I'm in application security. I work a lot on the compliance side. I work with developers and making sure that, you know, all of our applications that we're building are PCI compliant. So you gotta love PCI. That's probably the best summary of what I do. I also do some policies and whether it's updating them or creating like SOPs, that sort of thing.

[00:03:46] Bdubs Wylie, Ph.D.: So what advice would you have for someone that's wanting to get into GRC? Bdubs Wylie, Ph.D.: So, well, whether it's GRC or any other part of cybersecurity, I feel like the advice is all the same. Find out what it is that you enjoy, what your passions are. And while you're learning those skills, get out into your local communities, whether it's your DEF CON groups or, you know, we have Dallas hackers. Get out into those groups. Go to some of the bigger conferences if you can.

[00:04:14] Bdubs Wylie, Ph.D.: And I think the most valuable thing that you can do when you're trying to get into the industry is meeting people in person and building friendships, not just connections on LinkedIn and all of that, but actual friendships where you're not looking for anything in return.

[00:04:32] Bdubs Wylie, Ph.D.: And while you're building those skills, eventually an opportunity may come up. And that is how I got my job opportunity because I applied to hundreds of jobs and always no response or a no. So that's always my best advice is go make friends.

[00:04:51] Bdubs Wylie, Ph.D.: Yeah, it's really interesting with the whole networking thing when it comes to jobs, because one of the examples I like to share of how networking is the better way of doing things, because back in 2017, I'd worked in consulting.

[00:05:05] Bdubs Wylie, Ph.D.: I was having to travel a lot and I wanted to find something where I was home more often. And I went to a local OWASP chapter meeting, the Dallas OWASP meeting. And one of the people presenting worked at U.S. Bank. And when he was before he started his presentation, he said, if anyone's looking for a pen testing role, we're hiring pen testers at U.S. Bank. So I gave my resume.

[00:05:27] Bdubs Wylie, Ph.D.: He took it, handed to the hiring manager, you know, within a few days or so I had an interview, you know, within a week, I'd get through the interviews at offer. But that same time I applied for a role at Bank of America, had all the credentials, but I applied online using the online application platform. And I didn't hear from them until like a year later.

[00:05:50] Bdubs Wylie, Ph.D.: I had my OSCP, SANS Web App Pen Testing Certification, you know, had a lot of experience, but then it took a year to hear back from them. And so someone is just starting out that could be even more detrimental because you may have less of the boxes checked.

[00:06:07] Bdubs Wylie, Ph.D.: But if you talk to someone, you know, someone there, they're likely to get your resume in the hands of hiring manager because how many times these people get all these hundreds or thousands of resumes, they've got to sort through them and it's too easy to overlook things. Bdubs Wylie, Ph.D.: But one of the things when you meet someone in person is the fact that they know what your personality is like, they can tell, yeah, this person really fit in with our team. They really like what they're doing. They're passionate or, you know, they're interested in, you know, learning other things.

[00:06:36] Bdubs Wylie, Ph.D.: You know, those open up the opportunity. So, yeah, I really agree with the networking thing. And even as far, you know, saying making friends, because I mean, most of my friends are in cybersecurity. I've got friends outside of it, but most of my friends are in cybersecurity. Bdubs Wylie, Ph.D.: And when you have those relationships and those friendships, when an opportunity does come along, your name is in that person's head. So when someone's like, hey, do you know someone that does this, this, and this?

[00:07:05] Bdubs Wylie, Ph.D.: They think of you, if that aligns. Another thing that I've seen is I'm really big in the Discord communities and, you know, there's people that hang out in voice channels and they're talking.

[00:07:19] Bdubs Wylie, Ph.D.: I've been in a voice channel where I've met those people in person and someone was like, you know, kind of venting a little bit because they had just gotten laid off from their job. And then this other person was, hey, what is it that you do? What are you looking for? Send me your resume. So you never, you just never know. Bdubs Wylie, Ph.D.: It's great to have those relationships and build those relationships and your next opportunity could literally come from anywhere.

[00:07:48] Bdubs Wylie, Ph.D.: Yeah, that's, that's so true. One of the things to, to go back to your, you know, thoughts on the networking. I used to teach when I was teaching at Dallas College and someone you probably know from the local community, Jason Kohler.

[00:08:02] Jason, I knew from the OWASP group meetings, Dallas Hackers, DC 214. I'd sign all these meetings and I knew an idea for what he's interested in his skillset. And I knew he is a recent college grad. And when I was at Dallas College, I would always get asked for resumes for junior level pen testers. And, you know, I would include resumes from people from the community too. When I knew someone, knew of someone that had, you know, desire to do that and some experience that I would share them.

[00:08:29] Jason, I knew that was a good thing. And he was able to get his first pen testing role through that. So, you know, I can't really agree what you're saying, because sometimes the mistake people make when they go to these meetups is they don't talk to anyone. They, they set in a corner and you have to get out there and talk to people, let them know what you're interested in. And I'm sure you can attest to as well as I can, that this community is so much different than other communities. I mean, I'm sure you're probably the same way. If you went somewhere that was a little more different,

[00:09:00] business or formal environment. You're with a bunch of salespeople, it might be hard to relate and open up, but when you're around, you know, your fellow nerds and hackers, you know, you've got something in common. And I see some of the most introverted people able to open up and enjoy those communities.

[00:09:16] Yeah. And I, I was just at Wild West Hackenfest Mile High in Denver last week. And it's so much like that at these conferences or these local meetups, when you find the right people, you can literally go up and talk to anybody.

[00:09:33] If you came alone and you're new, you don't know anybody, go introduce yourself and you'll end up being stuck in at least a 30 minute conversation. But it's, you know, we all have that one thing in common. We're all introverted. We're all socially awkward. So let's just do it together. And, you know, there's no judgment for being different because we're all different. So I love it. It's, it's my people.

[00:10:00] Yeah. It makes a difference when you meet your people, your tribe, it makes all the difference in the world. I mean, cause it's, you know, when I look at all the different communities I've been involved in over the years, you know, I used to compete in powerlifting. So I was very well connected to the, the fitness industry and the powerlifting world, but it's just, nothing is like, you know, the cybersecurity community and even people in different areas.

[00:10:24] We all have, you know, you know, you may see some other industries where someone's a database administrator and maybe they're not hanging out with the Cisco network administrators. But the nice thing about ours is that everyone, regardless of what area you're in, kind of get together and bond over the common interest of security.

[00:10:46] Right. Exactly. And that's what happens at these conferences and, and the local meetups, you know, if funds are tight, you don't have to go and spend a bunch of money for these bigger conferences when you don't have a job. Um, there's DEF CON groups all over the place. B sides are typically low cost or free. Um, so yeah, I, I highly recommend all of those.

[00:11:09] So as far as, you know, what are some of your favorite smaller conferences? Cause I know you just came back from Wild West Hacking Fest Mile High. So what are some of the other conferences that you enjoy? I mean, Wild West has got a special place in my heart for both Deadwood and Mile High. For small conferences, it's the B sides. I help out and volunteer at our local B sides and I really enjoy it. It's, it's a great experience.

[00:11:35] My first experience at any conference or any B sides was at our local B sides. And I showed up at six in the morning, ready to volunteer. And they were like, you're crazy. I said, I know I am, but it was such a good experience. And because I was there behind the registration desk, there was people coming up to me to introduce themselves to me. Cause they thought I was just running some show.

[00:12:01] So, and it was, it was, it was great. I made a lot of relationships. That's when I met Jason. And then I was able to go on and help him with the SWCCDC. And I opened up a lot of opportunities. So even just volunteering at your local B sides is huge. And don't you think that volunteering experience accelerated your connection to the community?

[00:12:28] A hundred percent. Yes, absolutely. Cause then people acted like they knew me and it just, it made it easy for me to communicate because I had never even been to our local groups at that point. And I was very, very introverted, socially awkward, like everyone else. And I didn't know what to expect. I didn't know how to talk to these people yet. And so it really helped me kind of get out there, not hide inside my shell. So what year was the first one you went to?

[00:12:58] It was November, 2023. Okay. So yeah, that's when we first met too. And then last year in 2024, I was running registration. I didn't even know I was going to, but you know, they needed someone and I just stepped up and did it.

[00:13:14] That's great. So that's one of the things too, if people want to get involved in the community and maybe you're scared to speak now, but you can do stuff like volunteering. So, so what are your thoughts on, on giving your first presentation? Are you looking to do that anytime soon? Is that something that's kind of on, on your radar?

[00:13:31] Giving a presentation? Yeah. So I wrote a blog and in that blog, I committed to giving a presentation at a conference this year. It's going to happen. We'll have to wait and see what conference that's going to be, but I'm really excited. One of my weaknesses is verbal communication. Me working on my communication skills is getting myself out there to grow and be a better professional. And it'll take time.

[00:13:59] My first presentation isn't going to be amazing, but the next one will be better and it'll keep getting better and better. And that'll help me be a better professional so I can better talk and communicate with different stakeholders, developers, and carry on conversations as it fits into my job description and my day-to-day duties.

[00:14:22] Yeah. That's, that's a great idea and goals is public speaking because I used to be terrified at first. And just like anything else, the more you practice it, the easier it gets. And it gets to the point you just really wonder why it was ever hard to do, but yeah, that's great that you, that you have that ambition. So community wise, discords, what you have your own discord. Is that correct?

[00:14:46] So I don't, I am a part of study GRC, which is a nonprofit that our main goal is to bring together a community so that other people can learn those GRC skills because there's not a hack the box for GRC or grow their existing skills or just have friends in the community.

[00:15:06] Fostering those relationships. So I help out over there and I am a big part of that community. Other than that, I, I'm big in the simply cyber discord. I'm in the hack smarter discord by Tyler Ramsby, but I can only typically handle about one discord at a time being very active.

[00:15:29] And then the second one I'm kind of active. And then the third one, it's just hard to balance it with life and all. Yeah, that can get pretty tough to keep up with them. And, and there's so many discords out there. And so, yeah, one of the things is simply cyber community is pretty awesome. It's pretty, pretty cool. What, what Gerald's done with all that, just kind of seeing how that's really grown over the years.

[00:15:53] Cause I remember I first found out about Joe, about Gerald Osher back in 2020, seeing him stream and seeing him on some other people's streams and podcasts and stuff. So it's really cool to see what he's done with that community. Yeah, it is. I enjoy being a part of it. And so one thing is with study GRC, we're actually streaming five days a week now, but we regularly meet every single Thursday. We've been doing this for over a year now.

[00:16:19] So I am now on Thursdays on stream answering questions or just chit chatting really sometimes based on whatever topics come up. Um, it's helped me get comfortable in front of the camera. It's helped me kind of, um, you know, not be as nervous to speak in front of other people.

[00:16:43] But at the same time, I'm still in my house, I'm talking to a wall. So giving a presentation in real life with a real audience is going to be a totally different experience, but it's baby steps. And I've been working on all of that. That's a good first step. That's good practice to get from doing that because you get the repetition and get used to doing it. Of course, like you mentioned, you know, a live audience would be a little bit different, but you know, it just, but it gets easier.

[00:17:10] So it's good that you're, you're doing that. And so what are kind of your thoughts on personal branding? Cause I see, you know, like one of your logos and discord and stuff, and you seem to be interested in personal branding. So what are your thoughts on that, on personal branding? So that's a really good question. I recently in January took Jerry's personal branding course. It's the PBCC with Simply Cyber. He has it in the Simply Cyber Academy, but he does it live.

[00:17:36] So I took that course, but I had already kind of started on my blog before then. My logo that I have with my T-Rex, I made it with Chachi BT. It kind of stuck. I like it. Now it's everywhere. People recognize me by it. And it's really just, and it's really just been all these little steps adding up to come to what is my personal brand now. I didn't realize I was doing it until I was.

[00:18:05] Um, I get asked all the time, you know, people are interested in starting blogs or starting YouTube channels. And the biggest question that I see is how you do that. It's really difficult to say, this is how, and you need to do X, Y, and Z.

[00:18:22] I bought my domain and I literally bought my domain name because it would look good on a resume. So it's accidentally kind of grown into this other thing. And it was six months roughly before I actually wrote my first blog post. And now I've been writing blog posts.

[00:18:42] I don't know, like math is hard in my head right now, but I've been writing blog posts over six months. I believe every single Monday I publish a new one. So the biggest things are consistency. So if you have certain colors or certain themes, stick with that and just be you, be authentic, be real, help other people.

[00:19:09] And then if you're posting something, whether it's a, um, YouTube video or a blog or a LinkedIn post, make sure you do it. If it's once a week, keep doing it once a week. If it's once a month, do it once a month. Just be consistent in all of that. Yeah, that's great advice. And I love that you're doing blogging because a lot of people think of content creation and they forget about writing. That's the very first form that aren't some of the very first content creation.

[00:19:37] So it gets overlooked so many times because, you know, you see a lot of great content on YouTube and people forget about it. And that's a great way to start out because even if you want to get into, to creating YouTube videos, you have to write scripts and come up with stuff. So what, there's not a better step than writing and blogging. And not everyone is into YouTube or podcasts. Some people want to read a blog post.

[00:20:02] Yeah, for sure. Yeah. You kind of can tap into a different type of audience there. But one thing that I am doing, and I was working on my writing skills as well. I found out that I enjoy writing. I really enjoy creating these blog posts and writing about these topics from my own point of view and kind of how I see it, even as someone new in the industry.

[00:20:25] And that's another thing, too, is just because you're new doesn't mean you don't have something to say. So if you have something to say, just say it, whether it's in a blog post or YouTube channel. And another thing that I'm about to start doing, and I've been working on it now is I am working on YouTube videos so that I can have a video that also ties into my blog. And then I can mix that. So you have both options of reading my blog or you can listen to my blog.

[00:20:55] And really, so I can help more people is what it comes down to. That's great. And I love that you said no matter how new you are, it's important. And one of the reasons a lot of things people overlook is when you're coming into the industry new, you're kind of learning things at a lower level that you could explain much easier to someone else that's new.

[00:21:17] And that's in a lot of cases the way if you're, you know, not writing too overly technical, then people that work in the different business units that would be working with someone like yourself, they can better understand it. So that's one of the valuable things there. And just like going back to like thinking about teaching, you know, you have to explain it at a level of your audience. So, so anyone listening, you know, definitely take that advice that you got something to say, share it.

[00:21:44] And one of the things that, that I used to, you know, I was teaching at Dallas college, teaching the pen testing classes. I would have brand new students, but always listen to what they had to say and what they're learning. Because when someone's new into it, they'll find resources that maybe you're not finding while they're learning. So, you know, if people are only going to pay attention to people that are experienced, you're going to miss out on a lot of good content, a lot of good advice. Oh yeah, for sure. You definitely have to be open-minded, especially in this field.

[00:22:12] But I mean, in life in general, you have to just be open-minded and accepting to those new things. Even if you have 10 or more years of experience, and this is someone who just started, you never know what they might find in Google. Yeah, definitely. And that's one of the things that too, for anyone mentoring, a bit of advice I always like to share too, is just because if someone's coming to you asking a lot of questions, and it's things they could Google, don't ever get upset with them.

[00:22:41] Because one of the things people forget sometimes is some of the language around that. So if someone's learning something new, they may not know the right keywords to Google to get the answer. Because I had someone one time kept coming back, and I was Googling because it wasn't something I knew right offhand or didn't have my notes, but I knew how to ask the questions and find it. And I give it to them, and they responded back saying, thanks for telling me not to Google it. I just don't really understand.

[00:23:08] And so I think we've got to, you mentioned, have an open mind. I think anyone that's mentoring needs to have an open mind and give people grace, because when you're learning it new, you don't know all the terminology, and you need a little help. Right. I think that's spot on. You know, some of my struggles in learning is just, I know I can Google it, but how do I Google it? What is it that I'm looking for? Sometimes you don't even know what it is you're looking for.

[00:23:35] So with mentoring, that's incredibly helpful. And so as far as that, giving advice and stuff like that, so I would assume being on these Discords, you're probably doing some mentoring, I would imagine. Yeah, so I'm actually listed in the Hack Smarter Discord as one of his pay, or no, it's Donate What You Can mentoring. So you can find my link there. You can schedule time with me to mentor.

[00:24:01] But I prefer to not take up that time. Sometimes you need one-on-one mentoring, and I'm happy to help people, but my time is limited, and I want to help more people. Sometimes I enjoy just, you know, we have our Thursday night streams. Anybody can hop up on stage with us. We can talk and have good conversation, answer questions. Another thing is the Discord voice channels.

[00:24:27] I enjoy just hopping in there sometimes when I have time, randomly seeing who pops in and just chit-chatting. Yeah, and that's one of the things, too, just to kind of look back on, you know, the fact that you're doing the GRC stuff, and you're talking about writing policies. And that's one of the things I think a lot of new people overlook. Everyone wants to jump into hacking and being a pen tester, and not to discourage anyone from that. But there's a lot of opportunities people are missing out on that's a good place to start out doing things like GRC.

[00:24:57] I agree. And, too, with GRC, you really get to get in there and kind of see the whole big picture of security, especially if you're brand new, and especially if you don't have IT experience. You can kind of see how the whole security program works, how the different departments work together. So, I mean, I'm GRC for life now, but I still love, you know, my hacking roots.

[00:25:22] But, yeah, that's good to show to the folks listening is, you know, you can still enjoy the hacking stuff, and nothing says that you can't still do that stuff, do hack the box and these other challenges and stuff and learn things. Because, you know, a lot of that stuff could be transferable to projects you're working on and stuff and help understand that better, having that technical knowledge. Oh, yeah, sure. I mean, I still participate in CTFs when I have time, so I love it. That's great.

[00:25:51] So, we're getting down towards the end of the episode. Is there anything you'd like to share that we didn't discuss? Well, I have my blog. You know, if there's topics you want to learn more about, I'm always open to suggestions there. Otherwise, you can have a newsletter you can subscribe to. There's YouTube channels coming or YouTube videos coming to go with my blogs. But I have a new one that comes out every Monday.

[00:26:18] I've been doing that since October, and I have no intentions of stopping. Other than that, it's a huge opportunity to be on this show. I'm so thankful for you, Phil, for letting me come on and talk with you tonight. Yeah, thanks for joining. It was great to catch up. We haven't seen each other in a little while. But, yeah, I appreciate you sharing your advice because I'm sure there's a lot of people that are going to get a lot of good out of it.

[00:26:47] So keep up the good work with your community stuff and your content creation, your blog. So I really look forward to seeing where you're at in a few years from now. I just recorded a podcast earlier with someone, and they brought up the name of someone now that's speaking at a social engineering conference that I met and kind of mentored a little bit. Now they're a published author, and they're speaking at conferences. And it's just really cool to see.

[00:27:15] One of my favorite things to see in the community is how people evolve over the years because you remember them when they first started out. Then they go on to do all these great things. And so you're off to a great start that you're doing all this stuff for community. That's one of the things near and dear to my heart. So it's really great to see you doing that and keep up the good work. Yeah, thank you. I appreciate it. I mean, that's my biggest passion, really, that all my other passions are tied to is just helping other people and supporting others in the best way that I can.

[00:27:45] And maybe one day I'll be a published author, too. It's definitely one of my goals, but it's probably not going to happen this year. You can do it, but that's good. You're doing a great first step. Being able to like to write is going to go a long ways to doing that. And so I'm sure that the world needs some good GRC books or other things that you can come up with. So when you do that, I look forward to it. Yeah, me too. Thanks, everyone. We'll see you in the next episode.

[00:28:14] Thank you for listening to The Philip Wiley Show. Make sure you subscribe so you don't miss any future episodes. In the meantime, to learn more about Philip, go to thehackermaker.com and connect with him on LinkedIn and Twitter at Philip Wiley. Until next time.