Cybersecurity Mentors Podcast

In this episode, we chat with Carson Sallis, Senior Offensive Security Engineer and Vulnerability Researcher at NVIDIA. Carson walks us through a day in the life of a pentester and shares actionable advice for anyone looking to break into offensive security. He also gives a live demo of fuzzing with AFL (American Fuzzy Lop) and explains how tools like this are used in real-world vulnerability research.Whether you're just starting out or looking to sharpen your red team skills, this episode is full of insights you won’t want to miss.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Episode Resources:GitHub: https://github.com/cybersecmentors/season_3_ep_6Guest: Carson Sallis Follow Carson and connect for updates, demos, and career insights.LinkedIn:  https://www.linkedin.com/in/carson-sallis/Fuzzing Tools & Resources· AFL (American Fuzzy Lop) The fuzzing tool featured in Carson's demo. Link: https://lcamtuf.coredump.cx/afl/· AFL++ An advanced fork of AFL with modern features. Link: https://github.com/AFLplusplus/AFLplusplus· Fuzzing: Brute Force Vulnerability Discovery (Book) A foundational guide for learning fuzzing. Link: https://nostarch.com/fuzzing++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Connect with us and leave us feedback:Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultationSign up for our Newsletter: https://sendfox.com/lp/m2vx85 Join us on Discord: https://discord.com/invite/g4yRKjnD78Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcastCheck out our YouTube channel for more content: https://www.youtube.com/@CybersecurityMentorsPodcastTCM Affiliate Link: https://certifications.tcm-sec.com/?ref=1Send us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections

In this episode, Steve and John dive into why securing systems is a must-know skill in cybersecurity. Learn the basics of system hardening, access control, and logging, plus practical tools and labs to get hands-on. They also explore how AI can boost your defense game — and why thinking like both an attacker and defender will set you apart.++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Episode Resources:Hands-On Labs & PlatformsTryHackMe Labs: Intro to Windows, Hardening, Linux Privilege Escalation, Pre-Security PathGreat for learning system hardening and exploitation from both Red and Blue perspectives.Link: https://tryhackme.comHack The Box Academy Modules on Windows/Linux fundamentals, Active Directory hardening, and network security.Link: https://www.hackthebox.com/Cyber Defenders Real-world challenges with system logs, hardening tasks, and detection engineering.Link: https://cyberdefenders.org/Security Benchmarks & GuidesCIS Benchmarks Free hardening guidelines for Windows, Linux, macOS, network devices, and cloud platforms.Link: https://www.cisecurity.org/cis-benchmarksMicrosoft Security Baselines Microsoft’s official security settings for Windows 10/11, Server, Office, and more.Link: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-security-baselinesTools & ScriptsWindows Hardening Guide by Debloat WindowsOpen-source PowerShell scripts to harden Windows easily.Link: https://github.com/ChrisTitusTech/win10scriptLynis (Linux Hardening Audit Tool)CLI tool that scans Linux systems and gives a security score with suggestions.Link: https://cisofy.com/lynis/Ansible Lockdown RolesPrebuilt automation scripts for applying CIS hardening via Ansible.Link: https://github.com/ansible-lockdown/++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++Connect with us and leave us feedback:Cybersecurity Mentors Podcast Swag: https://the-cybersecurity-mentors-pod.myspreadshop.com Mentorship - Sign up for a FREE session: https://www.cyberprofessionalservices.com/scheduling-free-consultationSign up for our Newsletter: https://sendfox.com/lp/m2vx85 Join us on Discord: https://discord.com/invite/g4yRKjnD78Follow our LinkedIn page: https://www.linkedin.com/company/cybersecurity-mentors-podcastCheck out our YouTube channel for more contentSend us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections

Craig Sheffield, a cybersecurity analyst from Taiwan with a background in teaching and the arts, shares his compelling journey into cybersecurity. He discusses how his musical skills translated surprisingly well into this tech field. Craig dives into his experiences with the TryHackMe Security Analyst Level 1 certification, emphasizing the blend of motivation and community support. He also weighs the pros and cons of various training methods, highlighting the significance of practical experience and the pivotal role of certifications in career advancement.

In this episode, we delve into the often-overlooked yet fundamental importance of learning how to "build" systems, networks, and applications for cybersecurity professionals. Coining the philosophy "Build, Secure, Hack," we explore why hands-on experience in building provides an essential foundation for effectively securing and ultimately understanding how to hack those environments. We discuss the pitfalls of skipping these foundational IT skills, highlight the immense value of setting up a home lab for practical learning, and offer concrete examples of what to build to enhance your cybersecurity expertise and career prospects in today's job market.Check out our new merch shop! https://the-cybersecurity-mentors-pod.myspreadshop.comYouTube ResourcesNetworkChuck - https://www.youtube.com/c/NetworkChuckTechno Tim - https://www.youtube.com/c/TechnoTimLive LearnLinuxTV - https://www.youtube.com/c/LearnLinuxTV The Coding Train - https://www.youtube.com/c/TheCodingTrain Professor Messer - https://www.youtube.com/@professormesserVirtualization PlatformsVirtualBox – Free and easy to use. - https://www.virtualbox.org/VMware Workstation Player – Personal use version of VMware.Proxmox VE – Advanced, self-hosted hypervisor.Lab Design IdeaspfSense as your firewall/routerLinux and Windows VMs for practiceAdd vulnerable VMs from VulnHub to practice attack/defend - https://www.vulnhub.com/Add Security Onion to practice detection - https://securityonionsolutions.com/Automation / DevOpsAnsible – Infrastructure as code for deploying and managing servers - https://www.ansible.com/Docker – Build and run isolated containers (great for web apps or SOC tools) - https://www.docker.com/HomelabOS – Build an entire lab with one command - https://homelabos.com/Cloud OptionsAWS Free Tier - https://aws.amazon.com/free/Google Cloud Free Tier - https://cloud.google.com/freeMicrosoft Azure for Students - https://azure.microsoft.com/en-us/free/students/Send us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections

Doug Burks, founder and CEO of Security Onion Solutions, shares his inspiring journey from computer enthusiast to cybersecurity innovator. He highlights how accessible network monitoring tools help defenders fight cyber threats effectively. The conversation dives into the importance of setting up home labs for practical skills, the excitement of responding to cyber challenges, and the complexities of open-source communities. Burks also emphasizes the ongoing evolution of network security amidst emerging technologies like encryption and AI.

In this episode, we dive deep into the world of cyber deception—from classic honeypots to canary tokens and more. Learn how deception isn't just a defense tactic, but a skill every aspiring cybersecurity analyst should master. We'll explore real-world stories, ethical considerations, and how strategic deception can give you the upper hand against attackers.Episode Resources:Offensive Countermeasures BookCanary TokensHoneyport - Powershell ScriptCheck out our new merch shop! https://the-cybersecurity-mentors-pod.myspreadshop.comSend us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections

This episode delves into the current state of the cybersecurity job market and offers essential strategies for breaking into the industry. Kelly Belding, an experienced IT recruiter, discusses hiring trends, the importance of relevant skills and certifications, and the significant role of networking for career advancement.• Overview of the changing IT job market dynamics • Discussion on entry-level versus mid-senior level positions • Importance of skill sets and certifications in job applications • Insights on current salary expectations for new graduates • Networking's vital role in securing job opportunities • The impact of AI on hiring practices and operational rolesSend us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections

In this episode we chat with Daniel, who is just starting on his journey in cybersecurity. We work to give him guidance, direction, and a roadmap for landing his first job. • What sparked Daniel's interest in cybersecurity • Current job enhances troubleshooting skills and problem-solving mindset • Pursuing cybersecurity certifications one step at a time • Importance of framing experiences effectively on resumes • Networking and social media presence as tools for job hunting • Resilience and adaptability are essential for a successful entry into cybersecuritySend us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections

This episode focuses on essential skills and tools for aspiring cybersecurity analysts, including network monitoring, incident response, and phishing defense. The conversation emphasizes the importance of practical experience and understanding the fundamentals to successfully navigate careers in cybersecurity.• Importance of network monitoring in identifying suspicious activities • Understanding networking fundamentals for cybersecurity roles • Tools for capturing and analyzing network traffic • Steps to effectively manage and respond to security incidents • Strategies for identifying and mitigating phishing threats • Role of simulations and drills in training for real-world incidents • Need for hands-on experience to enhance cybersecurity skills • Insights into preparing employees against phishing attacks • Importance of documentation in incident response • How to differentiate oneself in a competitive job marketSend us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections

This episode is part one of two that focuses on essential tools and skills for aspiring security analysts. In this episode we discuss SIEM tools, vulnerability management, and endpoint protection. Check out the link for the resources. • Importance of SIEM tools for analyzing log data • Vulnerability management as a critical cybersecurity hygiene practice • Regular vulnerability scans and prioritizing remediation efforts • The evolution of endpoint protection and current threats • Real-world implications of failing to manage vulnerabilities • Practical tips and resources for gaining hands-on experience • Encouragement for community engagement and shared learningLink to resourcesMentorship - sign up for a free sessionSend us fan mail via textCheck out our Networking is King Course: How to Build a Career Through Real Connections