um if you're starting to interviews and you're not getting past the screening stage or the first interview then you need to really sit down and evaluate where am I failing is my technical knowledge not strong are my soft skills not strong what can I be doing better it was dark when I left dark when I got home it just was one of those situations where it wasn't mentally healthy and so one day I I just literally it was lunchtime I put my my keys on the desk my card on the desk I went I broke my lease I walked out of my job [Music] everyone David Bumble back with Heath Heath great to have you back on the channel hey great to be back appreciate it David So Heath I really want to thank you for sponsoring this video and supporting my channel just so that everyone's aware what we did is TCM put out an AMA and we got a whole bunch of questions so you know what can we ask Heath so that's what I'm going to go through today Heath I've also watched a bunch of your videos and you know done a bit of research so I'm going to ask you questions from stuff that I've seen and questions that I get on my Channel all the time but hopefully we're going to cover a bunch of the questions that we got so are you ready I'm ready that's great so Heath first question this has come up quite a few times which certifications has TCM got you know people aren't aware of all the CTS and like one of the questions was any plans for Life Training but you do provide life training training I believe yes we do so perhaps you can take us on the journey the Sears that you currently have and the Cs that you're going to perhaps develop another question that came up quite a lot was Cloud so it's yeah let's share a screen we can talk about it yeah so uh we've got several certifications I think we've got eight or nine now and so I kind of walk you through the Journey of what we have and where we started so uh we actually started with our pmpt certification this is where we're most well known and so our idea was to create a certification that mimicked a real world pent test so we put you through sort of a gauntlet of uh an engagement and so you have to perform open source intelligence you have to go through and perform an external pent test break into our Network perform an internal pentest and then when you're all said and done you have to write a report deliver that report and also deliver a debrief to our team so what we wanted to do was put you through the real world of being a consultant so you get five days it's not a multiple choice exam any of that stuff and so all of our exams follow that format where we don't have multiple choice it's all real world you're going to take a couple days to do it and just kind of mirror what you would do if you were on a real engagement so we we have a few different exam categories so we have the pmpt which is where we first started but we actually moved into a more Junior one so the PJP which is a network penetration test exam for juniors and that one is just fully active directory hacking so last time we were together we did a bunch of active directory hacking that would be all applicable to what this exam is so this is kind of the the baby di your toe in the water certification and then you've got the pmpt which is really more of that intermediate really challenge you type certification tying into this we've got this pcrp program which goes with the pmpt it's kind of an add-on uh but it's a what we call the career ready professional certification and so what you get with that is more of career coaching and guidance so you do get a one-on-one session with a member of our team kind of get you to where you need to go you go through the pmpt training and the certification once you're through that we put you through a soft skills course which is pretty unique so you go through how to write a resume how to interview what are behavioral questions what's the star method how do you answer those how do you go about finding a job how do you set up a blog or website to talk about yourself and just all these little intangibles that go a long way when it comes to the job process we put you through a mock interview as well and basically what we're doing is we are certifying that you are going to be employable that we would hire you it's the same actual questions that we asked for a junior pentester which is cool you get a resume review uh there's a lot of things that come with the program and it just kind of Gears you towards that real life if you're trying to be a pentester um going through all those steps getting kind of beat up on your resume getting beat up in the interview with us so that it doesn't happen in the real world and so we've had a lot of success for that program um we've got a malware certification this is actually developed by Matt Keeley who works at Huntress now a really smart guy again one of those certifications where you have to dissect malware and actually analyze it and report back on what you're seeing so very very unique we've got other certifications in the realm of mobile pen testing so mobile device hacking Android and iPhones uh we've got Junior web and actually launched this past week was the uh pwpt so PJ WT pwpt similar to the pmpt but this is for the web application side uh so we've got a junior certification and then a more advanced certification on the pwpt side we've got this ENT researcher one that's pretty unique as well I don't know if anybody that has it but it's basically a certification where you get a random Bank of questions that are given to you and you have to go out and actually find them and they're various level of difficulties but hey where was this picture taken or where is this person located or track somebody of significant importance and report back on that so um really fun touches on a lot of different osen categories that go with one of our courses and then we also just launched not too long ago this iot tester certification which again is pretty unique because most iot hacking is Hands-On Hardware hacking we were able to write our own um firmware here and be able to dissect it virtually which is kind of nice saves a lot on costs which is a big mission of ours and uh doesn't doesn't require you to have any physical Hands-On uh board which is really nice as well um from the live training standpoint we do have two that are in our repertoire right now so we're doing a live web app pentration testing that one's coming in July 26 that's going to be our next one uh that's going to be a two-day uh training so basically it's going to be junior to intermediate and kind of cover the PJ WT and the pwpt type certification training and then we have in September our hacking and defending actor directory which is um some of what we covered last time we talked as well just how do you hack actor directory how do you defend it uh we get more blue teamers in that course than we do actually get red teamers in that course because they're very interested in what we're doing on the red side so from another perspective we have a lot of cool things going on we've got three full-time content developers right now so the one just wrapped up pwpt he's going to be going into uh next phase his background is really in a secure coding and development so I could see us doing something there here in the near future where we actually teach developers how to uh code securely it's something that we we run into a lot of is I even give you an example like our our Dev team right now um we're scaling up for a new platform that we're releasing and we're running into a little bit of a bottleneck because um our team knows how to develop securely but we're bringing in some outside contractors that have years of experience and they do not we still have to review all their code we can bring on 10 of those we can bring on 20 of those but if they don't know how to securely code uh we still have to do all the uh the research and make sure that everything that they're submitting to us is good to go because you don't want to be a security company that has uh inse your code so um yeah so there's there's opportunities there but a couple things that we're working on right now that are really exciting the sock 101 course is what we're working on so we're actually working on Blue Team content we hired a full-time blue team content creator uh so that sock 101 course is going to be that entry-level blue team course and then we're going to have a certification tied along with it the sock 101 course should be releasing in July The Blue Team certification should be releasing sometime in September and then we're also releasing a course that's going to be free it's called practical help desk and so it's going to be completely handson on how do you do a uh how do you perform as a help desk and so kind of like an A+ certification but again instead of multiple choice you're you're looking at a Hands-On environment uh we do plan to releas a certification for that um probably pretty cheap on the certification side we just want to make it a low barriered entry again kind of going with our mission and just start being that One-Stop shop for training so we're not just planning on being cyber security or just red team training we're moving into blue team we're moving into beginner level training we're just trying to be all compassing with what we're doing and you'll see a lot of that here coming soon especially in the next few months so Heath there were quite a few questions about Advanced courses like you've got the malware course is there a more advanced one is there like the possibility that you'll do an ocp type course but like your style like people obviously want the beginner stuff but there seems to be some interest in like some more advanced courses yeah absolutely we it is part of our road map so the the road map that we've been on has been this idea of work backwards before we move forwards So you you're seeing us put out this practical help desk and you're seeing us put out sock 101 and a lot of Junior based certifications but we are starting to come out with more intermediate and then hopefully Advanced after that so like we just released last week the pwpt that's an intermediate certification that built on uh pmpt pretty much Rivals ocp and so our next plan would be to release something more advanced like an occe type certification where it's a pmpt advanced and you have a pathway there so our goal is to eventually build out Pathways where we have a junior intermediate and advanced certification and then also build out other Pathways where if you go out and you get like a pmpt and a pwpt then you get certified as kind of a overall like certified pen tester so you you have different road maps and Pathways that we're going to build out so we're just so focused right now on on building out the core but yes we realize that hey a lot of our students have gone through the junior or even some of our intermediate training and they're wanting more and we've got to build out content for them too so we're getting into that phase here very soon I'm glad you said that because one of the question was about sock so and blue teaming so more blue team content coming run yes uh we realize red teamers are out numbered 10 to one not everybody needs a red teamer not every team has a offensive security person but a lot of companies need blue teamers and so for us we do training very uniquely our training is uh video based it's short digestible videos and it's not text it's not anything like that so uh for us creating some sort of long format course that is Hands-On adjustble and allows people to actually understand what working in a sock feels and looks like uh it's it's going to be really exciting because we don't we don't think there's anybody out there quite doing it like we want to do it and uh yeah so we got a lot of blue team content ideas that are coming up I love what you do with the with the training right because video training especially for I think the newer generation is the way to go reading is is so much harder it's so much easier if someone just shows you I agree I for me personally I can't read and comprehend easily I'm one that sit down I go to read a book I'll read the same page five times cuz I'll I'll see a sentence I'll start thinking about that sentence and I'll my eyes will read the page but my brain won't comprehend and so for me kinesthetic learning handson short digestible videos short attention span um that really helps me and yeah being able to see somebody walk me through what they're doing and then be able to explain that I I learn better that way and so that's the way that I teach as well one of the things that a few people asked is cloud penetration testing is that on the horizon Perhaps it is we've shed away from it just because the idea or the term of cloud pentesting to us as a consultancy is uh a little bit kind of a buzzword and so if a client comes to us and they want a pentest right a pentest takes about a week if they want an audit an audit takes about a week we prefer Cloud auditing to cloud pen testing because Cloud auditing we get access to everything behind the scenes we can see what's going on and we can go in there and say hey you're good or you're not good in these places Cloud pentest we have to go through and just say okay well we're going to test at things maybe we see something maybe we don't we only have a week worth of time and so it's a little bit more I don't want to call gimmicky it's still relevant but it's not what we would do like we don't perform cloud pen testing at TCM security we only perform Cloud auditing and so if you're going to see something from us yes you're going to see probably something in the cloud auditing space more so than the cloud pentesting space u more more of hey here's all the things that could go wrong and all the configurations that you could set up wrong so that way somebody can go in and actually test those those things and it would be beneficial from an Auditor's perspective or from a security defense perspective that's great question I mean I'm sure you get this all the time and I've seen some of your videos where you address this uh but let let's get the 2024 version SE it's is a big one people always ask about right so I want to get to pnppt give us the path Heath um do I do ocp do I go straight from you know Security Plus to ocp I'm just making this up but perhaps you can give us a proper path right for different people sure yeah I I could talk through this and so I there's some certifications where they're nice to have you don't necessarily need them and there's some certifications where yeah I think in general certifications are nice to have they're not necessarily end all be all right and certifications are expensive and so it just depends on on your situation but if you're just starting out you're watching this video you've never done anything in it before getting a good foundation in help desk is uh important how do you fix the computer what are the different technologies that computers use just understanding The Core Concepts of Compu Computing very very important now if that leads to you going getting your A+ certification I think that's great especially if you end up working on a help desk and so everybody has their own paths you'll see that when you look at cyber security everybody's path to cybercity was different so my path into cyber security was working on a help Des uh and then I worked as a network engineer and then I worked as a penetration tester and you'll see people that completely skipped all those things and went right into penetration testing and it's just everybody's a little unique so a core Foundation of an A+ equivalent or help desk knowledge is important uh Network networking knowledge is very important so again Network plus equivalent some people ask if you should get a CCNA I think CCNA is good if you go above and beyond that I don't think you need to like ccmp or any of those you know you kind of start getting into more of I want to be a network engineer versus I want to go be a pentester or cyber security unless you're going into like network security then that could be useful again networking knowledge what are your ports what are your services what ports are secure what's not you need to know all these things going into then building upon that is security knowledge so something like your Security Plus would be really good um layering in all of your security what's secure again what protocols are you looking for what's not secure uh understanding the the basic foundations of cyber security very important for us in cyber a lot of us know Linux I think knowing Linux is very important so just going through you don't have to get a Linux plus certification like it's not going to move the needle me I went and got it because I like challenging myself with certifications to test knowledge but ultimately you don't have to do that it's one of those that like just go go immerse yourself I I talk about it like it's another language like if you're trying to learn a foreign language it's going to be a lot easier to go and go to that country and try to pick up from the locals than it would be to just go do dualingo so go work and operate in Linux for a week or two just make that your main operating system and work through that see how it makes you feel see how the uh the issues you run into and then Google them and solve them it'll make you that much better at at learning it and then uh the other core Foundation is programming so you don't have to be a developer but you do have to know how to read code it helps with scripting it helps with automation as well highly recommend learning python or something similar and just being able to go out there and if you go download something from GitHub for example like an online repository you want to make sure that what you're downloading is safe especially if you're going to run it in a client environment and just knowing what those tools are so if you don't have that programming background that can be very dangerous and so those are the core core foundational skills you build upon it so again like I did help desk I thought help desk was great I worked for a manag service providers we had a lot of clients I got to see uh Windows Mac Linux all the different operating systems all different versions of things and it it was nice it was good and then working as network engineer prepared me to be a network pen tester and so um it was just kind of that gradual buildup But ultimately you need those those core foundations before you can kind of jump into the deep end a lot of people go and uh try to build the house without building the foundation you got to make sure that you build the foundation first A+ Network plus Security Plus Linux not necessarily the sech but get the knowledge programming Python and then am I ready to go for P&P or do I need to do something first yeah I mean you would need ethical hacking training but I would say if you have those core foundations you can go for pmpt uh we do have the junior like the PJP for example and the PJP is not going to necessarily go land you a job but it's going to kind of give you that confidence before you go into that deeper end of that training for for pmpt and there are other certifications out there like OSP is is good in terms of like hey I'm going to put this on my resume and this is going to get me opportunities and so it's kind of that nice um we call it gatekeeper certification it's it's a nice one to kind of get through HR um and and go out there for for skill set so yeah I mean just just getting the next step after the foundational training is really just honing in that ethical hacking training if you want to go and and be a pentester so p& PT will it give me a job it will yeah I mean if you go look right now and search for job postings we're on quite a bit which is awesome to see um but yeah you just got to I mean any anything helps really like what I tell people is for your resume you're being compared on a piece of paper so like certifications only go so far because you're competing with people on on paper that also have certifications a bachelor's degree may only go so far because on average most people have a bachelor's degree entering this field and so it's just one of those things that like how can you set yourself apart blogs help uh being a YouTuber could help uh going to conferences volunteering helps uh doing ctfs doing try hackme or hack the box or any like having a home lab anything that just shows like I'm really passionate about what I'm doing can help you stand out above and Beyond just just these certifications as well I love the situation you're in right because you you went on this journey and you were doing pen testing as an employee but now you're on the other side hiring so it's great to get your perspective of both sides right because like one of the questions was you know do I need to get Sears do I need to get a degree yeah I mean we we are in the weird place of being a training company that also is a consultancy most companies that do training aren't and so yeah we we do get to see people and hire and look at the the profiles of the average candidates and you don't need a degree I think it's more it's just more likely that somebody has one nowadays than doesn't like majority of our applicants I think it's like close to 80% have a degree of some sort but it and especially cyber is one of those fields that's so new that there aren't really great degree programs at most places that are out there like there are some great cyber security but with cyber security changes so fast that if the program's not constantly updating or you're not just doing policy work then it very well could be stale or out of date by the time you're even going through it and so um we don't necessarily look at a degree what I tell people is you have to weigh the opportunity cost of a degree if you can go for free and it's going to make more money long term perfect if it's going to cost you $100,000 and you're only going to get a $5,000 bump over the next 10 years it's not worth it so you have to really go and say what's this going to cost me what are the benefits and how much money could I have earned not going to college in that time and what would my salary look like and so just looking at opportunity cost ultimately do you need a degree no but it does check a box so if you ever want to go and and work for a place where it's a hard requirement that opens more doors for you if you ever want to go on and get a master's and maybe work management level that opens doors for you so it just depends on your situation and what you want to do same with certifications I've known plenty of people that have gone and gotten jobs with no degree no certifications anything but you have to be different on paper so if you don't have those how are you going to stand out maybe it's going and showing like hey I'm I work bug bunny hunting and I make tons of money doing this cool or I've got cves fine like what is it going to be that stands out for you that says I can replace that that knowledge because I have it here and so you're really competing on a sheet of paper unless you're out there doing networking which I think is very important as well yeah GL I'm glad you highlighted that so because what if you I mean basically answering the questions that I've got you like one of the questions was you know can I get a job without aert can I get a job without a degree and how do I if let's say I haven't got money for a CT I haven't got money for a degree how do I differentiate myself yeah that's great question um so go YouTube is an amazing resource there's tons and tons and tons of videos and content out there so go start watching YouTube you can learn everything that you need you just have to aggregate it yourself so go out there even look at look at one of our course curriculums and just say oh here's all the things I need to learn I'm going to piece this together and go go try to find this on YouTube put that together put a home lab together start working and just networking putting yourself out there like joining a community going to conferences getting to know people and just showing your passion can really go a long way who you know is just as important as what's on your your resume and so uh it's very difficult like for people in this field they feel like a majority of us are introverted so we we think about oh I don't want to go to a conference and actually talk to somebody that's weird uh so it's you know it's it's tough but you can still Network online linkedin's a great resource if you're watching this you don't have a LinkedIn definitely create a LinkedIn go out there and just start communicating and talking to people and what I tell people too is like you are always somewhere that somebody else wants to be because a lot of people are like I can't help you I just got started but if you're like two weeks along you're two weeks further along than somebody else was and so don't be afraid to go out there and and answer questions if somebody needs help because you want to be uh when it's you're trying to get help you want to have that good karma back on your side you want to be able to uh get what you take as well so you want to make sure that you're you're giving back as much as you're taking from the community so just put yourself out there and and I just tell people be a good person plant seeds and that will actually pay dividends in the long run yeah I agree I mean it's imposter syndrome is something that comes up a lot and I want to talk about imposter syndrome when it comes to teaching so you've mentioned that now I think also we had a lot of questions about like starting a cyber business so we'll come come back to that just for everyone I've put time stamps below again where you can jump to specific topics so I think you've answer this already Heath but CCNA versus Network plus if I want to become a penti like you oh gosh um Network plus is the is the bare minimum uh CCNA I think is the better certification it's more challenging it's more Hands-On it is Cisco based but you still learn a lot of the commands like yeah are you going to use that CLI you might I've hacked into Cisco devices and ended up having to dump out configuration and steal the the password and so you know there there are good uses for it but you are going to like Network plus has limitations of being a multiple choice exam uh CCNA you're actually going to get Hands-On uh CLI and be able to understand what you're configuring and why you're configuring it and I think that just does so much more for a learning experience and again the exam is more difficult by far and it's more challenging and so if you really want to like really understand the core foundations of networking I think CCNA is the better certif there let's say I do some pen testing SS can red SS be Ed for blue teaming absolutely if you actually look at some blue team job postings you'll see offensive security certifications on there because they're so useful if you know what the attacker is doing and the attacks that they're likely to perform it's going to make you that much better of a Defender um same thing like going from offense to defense just helps knowing the Playbook already so we get a lot of defenders in our classes and I think I mentioned it earlier but like our attack in defending actor director is more blue teamers that come through that than red teamers because it is that much more useful for them to understand the mindset of an attacker you mentioned this already but I think but let's highlight it because it came up a few times most important skills that I need to get as a penetration tester yeah so from a technical side again those corol foundations where you have help Des networking basic cyber programming and Linux going to help you tremendously I think what we don't talk about enough are the soft skills so again going out there in networking building a home lab going to conferences volunteering making a Blog participating in ctfs just doing those extracurriculars you don't have to do all of those just pick one and and do something to to show you're passionate about this and those soft skills go a long way to help Drive the technical and a lot of us are very technical but when you get into Consulting especially which is what a lot of cyber is you're having to write reports so you have to have decent grammar and and report writing abilities you have to give debriefs so you have to be able to get up there and talk in front of people and say here is your product here's what I did to your product and I'm sorry but you need to fix all these things and so like you have to communicate very technical things to people that may not be Technical and so there's a lot of just other skill sets that you need besides just being this technical individual so if you can focus on those soft skills it's going to help you tremendously on the other side of things we had quite a few questions and I'm assuming you get this all the time as well advice for getting a job but perhaps you can pitch it for different people he let's say I'm 17 years old and I want to get into and perhaps I'm later in life maybe I always I always laugh when people ask questions like David I'm 25 is it too late for me um so like let perhaps like what I'm let's say I'm 30 and maybe 40 can you give us like a like advice how do I move from whatever I'm doing now into like becoming like you sure yeah if you're if you're younger uh first of all I'm jealous because I didn't know what I wanted to do I didn't even switch into it until I was 26 so the the kids that are out there I see kids getting certifications at like 15 and 16 years old I wasn't even thinking about it at that point and so if you're younger just do your due diligence go out there and and understand what your learning path is especially if you're like 17 you have got the decision now do I go to school uh should I go to school what should I go to school for I'm a big advocate for computer science over a cyber security program I think computer science is a nice fall back even if you don't end up going into cyber you still have that computer science background which opens a lot of doors for you and so you have to weigh those opportunity costs again of hey is it worth going to college what do I need to go do uh building those core foundational skill sets if you're older and you're in a working field right like I was already working as an accountant when I made the switch to it it's a lot of it is just that transition period especially if you're making more money than you would be you have to kind of calculate that too some people are already making what 70 $80,000 and if you have to go cut back and say oh I'm going to go work help desk maybe make 4 $50,000 a year that is a pretty pretty tough punch to to take so you have to eval valate what where am I okay Switching so this is where it comes in where hey yeah it's nice to have paths like it's I I love my help Des experience and I took a pay cut to go on help Des but for some people if you're making a good salary you've got a family to support all those other things it may not make sense to do that so you may have to just sit there and study go maybe get an A+ certification but no intention to actually work a help Des job same thing you may go do Network studies but no intention there and you just keep building your skill set until it's time to actually go start applying for a cyber security role so you can have that maybe that transfer of salary that's close to equivalent and so everybody's situation is a little bit different the core foundational skills and what you actually need to learn are going to be the same it's just how you manage your time and what are your costs and where you at in life to be able to evaluate if you're younger hey do I go to school is it worth it what's the cost going to be that kind of thing versus if I'm older okay maybe I don't need college or maybe I have a college degree in another thing which is perfectly fine by the way like college is college it just checks the box like there's it is in in general and cyber in general are so new of a field that we don't hold a you not having a certain degree against you so it it's really situationally dependent but really going out there and getting those core skills and then building upon those are going to be important now I think it's great that you mentioned like you 26 you said when you moved into it right you accountant before that I was so I think people who are older or further along in their Journey have got other skills preps so has did accountancy help you sort of in your Jenny tremendously I mean uh I was a consultant in accounting so I was working in public accounting I was going in doing a lot of the same things I was doing technical work sure it wasn't it I was going out I was writing a lot of reports I was giving debriefs to CFOs and CEOs about their financials and so that consultancy experience really just translated immediately the technical work changed but I'm still writing reports I'm still giving debriefs I'm still doing all that and then yeah when I am running a business now I do all the bookkeeping and all the accounting and it's just helped tremendously for budgeting and finance and being able to plan and scale what we need to do so my back grounds helped absolutely yeah I'm the same I I've got a degree in eesy and it's amazing how that's helped me over the years especially in business right yeah I mean it's it's just skills that like go with you and they they they have a lot of applications outside of just the the accounting world I think I mean that's something for everyone to remember if if you've if you've done like if you've been a manager and you've had done public speaking that that's a great skill to use right yeah any of this like you can take any certain situation and and put it to a your resume that's what we tell a lot of people is this this field is Again full of people coming from different paths I've seen pharmacists doctors literal doctors transitioning into cyber lawyers um so you you have this other field and you just got to be able to say like here are the core assets or or skills that I learned while being in this profession that directly apply to this a lot of it could be customer service or those non-technical skills like you we're more inclined to want somebody it's easier to teach technical skills to somebody for us than is a teach customer service for example if you got a really good customer service background you're good with people those are a lot harder to teach so if you can like show those things off in your resume they actually do help quite a bit I think you've ODed this already but it's come up quite a few times do I need to learn to program they reference you John Hammond Ben many other people do I do I have to learn how to program like in Python Java Etc yeah I would say you need to be able to read code at a minimum uh being a developer takes time especially if you're not doing it full- time so like if you say hey I really don't love doing this then that's fine uh for me personally I didn't love development and until much later on in life because I realized how much easier it made my life as I started programming and so just being able to understand in and be able to read it is okay so what are variables what are Loops what are conditional statements like what are you seeing in this code that's actually happening so that way before you download it and go run it in client environment you know that it's safe how do you evaluate safety of code and so being able to read it is is fine you don't have to necessarily develop all the logic to be able to develop that's okay just depends on your passion ultimately and where you want to focus your time and energy it's not something that you need to be successful day one in this field a lot of questions about ai ai affecting pen testing you know there's worries about AI taking jobs they want to know you know how is AI going to change pen testing so perhaps you can give us like sort of your experience with AI at the moment and sort of where you see it's going yeah I I think right now it's a great assistant I use AI all the time uh for just any any little task that I can automate or even just put through and have it generate some information for me it's great yeah um even for YouTube videos for blog writing for day-to-day task even for programming like it will help save a lot of time but AI is confidently incorrect as well at this stage and so it's one of those things that you almost have to be a subject matter expert to know and to prompt and say hey do these things but you have to be able to verify that it did those things right because it doesn't know and so it's one of those things right now that it's it's a great tool great assistant great timesaver more productive because of it it's not something that's replacing a pentester in the near future 10 years down the road sure as as advancements happen I can't say that that's not going to happen but to be able to think like a a hacker it takes a lot of skill sets and there's no tool out there that's going to be able to dig deep and really think like we do like a human does not saying it's going to be impossible I'm sure it's going to happen in our lifetime but it's not something to be concerned about at least in the next decade um as we go but it's again it's just one of those things that as time changes we have to adapt and cyber security is one of those fields where you're always studying and learning the next thing or you are getting left behind so if you're worried about changes and you want a job that's just like hey I I want to learn this thing go to school for it and I'm done that's that's not cyber so AI is just a part of that that changing atmosphere I think ultimately it's in the next five years I could see it replacing low-level jobs like uh a help desk job we're already starting to see like chat Bots and things that are out there that are answering questions for you and you don't actually need to go out there and interact with somebody so I could see if you're on the lower end of the total Pole right now yes there there are some concerns there but from a pentester cyber security this is an advanced IT field I don't think I have any concerns about this right now that's great yeah because a lot of worries about that so at the moment if I wanted to get into cyber you'd still recommend it absolutely yeah I mean we're we're severely deficient I think we're still in the us alone 3.5 million somewhere in that range of jobs that we're going to need by 2030 and we we just don't have the people or the talent yet to to fill those roles you'll see that a lot of the the people that bounce around in the industry are people that already have jobs and because we don't have enough people to fill those those open roles so we need people if you're interested in watching this video this is a great field great way to make money it's great way to you come I come from a poor background and this was something that was able to like completely change the trajectory of my lifestyle because of uh because of cyber so it's it's a lot of work you got to really like to like the work and you got to like to study and and really be engaged with this but if you can it's it's amazing amazing field great work life balance for me um yeah just I wouldn't change anything I'm glad you I wanted to ask you about because there's more questions about jobs but let's let's talk about what you've just mentioned now so Heath perhaps you can tell us about your background right because I've seen some of your amazing pictures of the cars that you have these days and over the years yeah you really like your cars um but perhaps you can tell us your journey right um You didn't come from money but through hard work dedication and you know seeing what was out there you you've got to where you are today so perhaps you can give us like a quick overview of you know your story just for people who don't know you sure yeah I I grew up really poor um you know we were we were on government assistance basically my my entire childhood um I grew up an only child my mom was an only child my grandparents pretty much passed away when I was kid and so uh yeah thanks um my my mom passed away when I was 19 so I'm the last surviving member of my family and it was really at that point that was like a you know a turning point for me she had always advocated for for school I was first generation high school graduate in my family uh so obviously first generation college and everything else and um she was really big on just hey you really need to go to college make make something of yourself and so I I went through college I picked accounting because it was just a safe field it was something where it was like hey yeah I'm driven by money here and this decision because I need to make sure that I don't stay poor I want to get out of this and so accounting was one of those things like hey everybody needs an accountant uh we're we'll do this they make pretty good money for me I got out I was making $40,000 a year out of school 100,000 Plus in debt and I was working God I came to tell you 80 plus hour weeks and so when you calculate it was like Hey I could go work at uh you know work in fast food and make minimum wage and still be making more money than I'm doing right now working all these hours and so I got burned out pretty quick the work life balance is something that was really important to me and so I remember like I was just I was chasing money so hard that um I went and I ended up moving to the middle of nowhere uh to take a job for $55,000 a year um doing plant accounting and I just ended up with like the micromanager from hell I had just a terrible job I was driving it was an hour each way uh to work basically and it was dark when I left dark when I got home it just was one of those situations where it wasn't mentally healthy and so one day I I just literally it was lunchtime I put my my keys on the desk my card on the desk I went I broke my lease I walked out of my job and I just traveled uh ended up in New Mexico of all places but I just like started driving and ended up in New Mexico decided I was going to drive for Uber um and while I was while I was waiting for that I thought Uber was going to be a lot quicker than it was it took like a month to get in I found a job before I was able to drive for Uber but I I started just applying for jobs and so I knew that like I had a lot of computer experience and I wasn't like incredibly savvy but I I knew how to fix things and so I just started looking for like basic help desk jobs and ended up I remember the job that I actually got I sat there I was reading the job description it wanted three years of experience it wanted A+ and net plus all these things I didn't have any of that and so I was just like I I literally hovered over the X on that because I was like I'm not going to get this job and I ended up just applying anyway because I felt like I I could do the job and I went in there and I got an interview I was honest I said you know I don't know what I don't know I'll take less money to be here and I ended up uh going from that $55,000 a year job back down to a $40,000 a year job and um they they gave me the opportunity and I learned a ton and that's kind of what kicked off my journey and so yeah I'm a really big advocate for for affordable training because I couldn't afford any certification at the time um I was thankful enough to have somebody pay for the A+ net plus Security Plus that I went through during during my time in the help desk and then um I was able to get another job to pay for a CCNA and ocp and so um I wouldn't be able to do that on my own and they very expensive training expensive certifications I mean my CCNA training one of them I went through was like $5,000 yeah it was crazy in those days yeah and so it's just one of those things that like um you know I don't we don't ever want to see anybody be priced out of an education um or or training especially from countries where the the cost of living is significantly different than than the US so yeah um a big advocate for for trying to to change trajectories and cyber security changed mine um my my first job in cyber was I think $105,000 and that was like incredible um and you know it's only been it's only been up from there I know plenty of people making great money with just a few years of experience in this field I don't want to sell a dream and I don't also like I I don't like some some influencers out there U you know they'll they'll sell you like ah this like go work from a beach make you know $200,000 a year don't you don't like I I don't like that um and like I I want to stress this too like you can work hard and not be successful but you can't be successful F without working hard um I know plenty of people that make way less money than I do and work two times as hard just to keep keep up and I I am very aware of that um and so like don't just think because you bust your ass like you're going to be successful but if you you need it to be successful and so this is one of those fields if you are willing to put in the work though that you you can get rewarded for it and it it'll take you as far as you're willing to go and so it's just it's incredible right now and the opportunities are are just incredible for cyber I'm glad there's a few things I want to hit on there you you mentioned work life balance there's quite a few questions about that how on Earth do you keep up and you know maintain a healthy lifestyle right yeah uh for so for cyber in general I think like if you're going into like pentest job right uh or or whatever it might be asking about the work life balance during the interview I think this is where a lot of people fail like we'll get to an interview part where we say hey do you have any questions for us and people like no we're good no you should be interviewing the company that's interviewing you um what what is the training program here what is the work life balance what am I expected to do how what's the promotion opportunities what are my first 90 days look like there's a lot of good questions that you can ask um work life balance is very important for me when I was first looking for my my first pentest job I interviewed at several places um I remember one specifically was like 80% travel absolutely not I didn't want to be gone that long so you need to get these things out in the open ahead of time find somewhere even if if work life balance means more to you than a salary find somewhere that pays a little bit less but says hey you're guaranteed 40 hours a week here and that's it um you know there was one company that was out there and they were selling this dream of just like this awesome place to work benefits and then you start talking to the manager this is me and you you realize like okay well this is a 50 to 60 hour a week job I'm brand new and they said hey it's sink or swim we're not going to train you you just need to come in and be able to do this and I backed out of that that job process because I realized this is not the quality of life that I want so you have to do your own due diligence on the employers glass door is great go talk to other people that are out there and and working go talk to people that are EX employees get their opinion like it doesn't hurt to just go ask people what they think of a company or a specific job and and really just got to pick what's what's good for you but yeah as as somebody coming in this field uh work life balance is important for me like uh CEO it's like one of the harder things as as you scale and grow a company delegation's very very very important and it's one of those things that's taking me a long time to really be able to learn and and do something and it's it's hard because you you learn and you implement these processes and you get really good at doing them so something that may take me 30 minutes if I go show somebody how to do it they may take two to four hours so it's very easy in your head to be like oh you know I can do this in 30 minutes I'll just go do this but you fill up your day with all these little I could do this in 30 minute task and you don't have time to actually do the job that you need to do and guess what those people that are taking two to four hours eventually they're going to be able to do it in 30 minutes as well uh it it just takes time and repetition and you have to learn that hey somebody takes time to to actually build up to these skill sets that you already have because you've taken your time to build those and so being able to delegate those those tasks and focus on things that you're really good at is is critical uh for for work life B I love that I want to get to talking about like how you transition from like employee to the business and why you started it and advice because there quite a few questions about that but before that a lot of questions about are there still jobs and opportunities it's too competitive uh there's like comments about it's dried up there no beginner jobs but you you kind of mentioned earlier that you know there's a there's a there's a demand for people so perhaps you can answer like there's a bunch of questions about this like I can't get a job or you know all the opportunities gone sa is not as what it was what's your take on that Heath yeah it's tough um I I do believe some of it and I I've seen some of the other side that counter argues a little bit too so from from one side yes the the market dried up a little bit um there was you know a period of time where nobody was hiring I think we're kind of coming back out of that job job demand job growth is back up and so um was a lot of it was you know maybe quasi recession was looked like it was happening and so a lot of companies got scared started doing layoffs sure um for us plus we're seeing a lot of regulations and laws passed that are requiring pen testing and requiring cyber security so the field is going to continue to grow and need people yeah from somebody that is on the other side that sees a lot of resumés what I can tell you is that for every job posting that we actually put out there we probably get 10 good resumés for every 100 and uh I'm not saying all of the ones are bad but a lot of people are just putting the resume out there with no qualifications whatsoever at a job and then saying well I didn't I'm not getting a job or people not having their resumes looked at you may be qualified and if you truly think you're qualified like there's baby steps here if you truly think that you're qualified and you're not getting any callbacks on job postings and you're submitting enough quantity does matter like if you're saying oh I submitted to five jobs somebody call me back that's just that's variance uh you submit to 100 jobs and nobody calls you back that's a problem and so you need to have your resume looked at if you truly think like I should be getting calls back something is wrong with your resume um if you're starting to interviews and you're not getting past the screening stage or the first interview then you need to really sit down where am I failing is my technical knowledge not strong are my soft skills not strong what can I be doing better and so it's baby steps along the way and I think a lot of people are really failing at the resume stage I get some really bad ones like I get I think I've seen an 18 page resume I'm not reading it I'm just throwing it away yeah like like you your P resume should be one maybe two pages depending on how much experience you have um if you're an educator like a researcher cool you you're expected to have longer format resumés but for most people one to two pages is enough and so you really need be able to tell me your story and especially if I have a hundred of these that I've got to look at I'm flipping through these quick you got to pass the eye test that's what we call it and and so what does that look like like show me your education your training your certifications whatever it might be right up front or your work experience whatever I need to see it needs to be front and center I shouldn't have to go digging forward on a resume so I think a lot of people fail there too I I think like overall the if you're interested in this field keep studying put yourself out there get your resume looked at there are plenty of opportunities for people trying to break in you do have to go out there look for them Network for these jobs too like if you're not out there talking to people like you're you're putting yourself at a disadvantage because people are going to hire or more likely hire people that they know or have met before than they would be just some random person so um this this all goes back to a lot of core foundations here but I I think there's plenty of opportunity and to break in you just got to you got to be able to be utilizing the right resources to do so that's great I quite a few questions about should I go directly into cyber or get a different job first I mean your journey was help desk um network engineer cyber and I love what you said that everyone's journey is different I think there's so much truth in that we all have our own unique paths but you as a general you know rule should I go directly into cyber should I go into help desk what's your what's your take yeah again everybody's journey is different it depends like if you're if you're making 80 grand right now and you're going to try to go to a $440,000 job uh it might not make sense right like and and so that that depends on your situation but ultimately like I don't regret anything that I did I loved working the help desk I think I had the most fun in like learning experience- wise because it was just I just absorbing everything new um network engineering was great the pentest job was great so like if you want to take that path great I'm not going to be here to say that's the only path to take I I think work experience is good I think it's useful I I think it makes you a better pent tester but can you still go out there and be a great pent tester without having that experience absolutely so you just have to do what's best for your situation I love that so Heath let's switch gears you went from employee to running a business to scaling a business I mean scaling is hard perhaps you can give people advice who want to start their own pentesting business perhaps like give us the history of you know why you decided to start your own business sort of the lessons you've learned you know if you were talking to your your younger self today like I want to do this today what's your advice take us down that Journey sure yeah so for us how we started was actually I was part of this community and we were in a slack group essentially and we started identifying other military members so I'm I'm former military and so we just started identifying other people and it was kind of that familiarity just getting know people that are trying to transition into cyber security and so every time we we talk to somebody and they're like oh I was in the military it's like oh cool Jo join our our DM we just add a new DM and we'd make it uh it got bigger and bigger and then slack gets to a point where I think it's nine people you can have in a a DM so we went to the the channel and we said hey will you start for us just a private military channel and we just add people and they said well you're too much of a liability what if you're sharing secrets in here and so we just went and started our own slack and so that that slack was called vetc or veterans SEC which is still around today uh it's a 501c3 now it's a nonprofit and basically was just meant to help people transition into cyber and and so as part of that program I started just creating these videos for YouTube where it was like basic networking skills uh I think I call it like networking for hackers and then just making like basic ethical hacking videos and just putting them on YouTube for the betet group and those got picked up elsewhere like it started taking off on YouTube unintentionally and it got to the point where I was working as a pentester and there were clients coming to the company I was working for and we saw Heath on YouTube we want Heath to work on our projects and so I didn't see any Kickback from that I was like ah you're gonna give me like give me like 10% here you know and nothing no no referral bonus nothing and so that's where the light bulb went off it's like hey they're making money off of me and my likeness but I'm not seeing anything from it I could probably go do this on my own and so um I have a video out there if you actually go look on my channel it's talking about like hey I quit my job to go start my business and that it talks about like that was like day one of my journey of here's how much money I'm making I was making $140,000 a year oh thank you yeah I was making $140,000 a year and was like what do I need to make in order for this to be successful Journey so first of all you have to have six months of expenses saved up if not more to be able to say okay I'm going to go out there and live off of this with with no income really coming through and how am I going to make this money so like I I kind of talked about like where I'm going to go how much money I need to make what's my break even point because you're now paying both sides of taxes you're paying a lot of extra things as an employer that you're not paying as a individual when you work for a company and you got to do your own benefits all that fun stuff during that process um I I had a couple of clients reach out and my my big thing is like where was I going to differentiate I thought we were going to be a consulting company so I went out there and I started made a Consulting website um started doing Services we got a few clients I think the first six months which was our first year because we launched in June we did like $40,000 in Revenue wasn't a lot but what was kind of cool is it gave me a lot of time to do other things so I still was working on live streaming uh because I didn't have a full-time job I was working on creating course content and I ended up actually creating the Practical ethical hacking course um which took off for us so we were able to launch that and I remember the the sales just being astronomical in the first week I couldn't even believe it and it was really just like going off of things that hey these are all the the trainings that you know I wish I saw before I became a pentester and let's make this affordable training and so it just dropped that on you to me and it took off and it felt like overnight we became a training company that did Consulting as opposed to a consulting company that did training and so just kept doing uh doing that like I I got more Consulting gigs from YouTube and from UD to me and then just started releasing more courses and content uh eventually we grew to the point where UD to me didn't make any sense for us anymore so we launched our own Academy platform that allowed us to bring in other creators and pay creators for um you know kind of basically hey we'll we'll advertise your courses you have them on our platform we'll have a revenue split and we did that helped us scale more eventually released a pmpt certification and so again just wanting to do something different that wasn't a multiple choice certification that took off and did really well and so these little scales happened and and because of the income we were making we were able to hire a developer developer an exam platform because we were not scalable at all like when the pmpt launched you had to reserve a time through a calendar link we could not reset your exam if somebody was starting their exam we could not stop an exam if somebody was starting or resetting their exam so we had to follow a very strict calendar we were able to build an exam platform that allowed for self-service and autonomy so if 10 people right now go start an exam that's fine or if you're going to reset your exam you can do it so helped on help Des tickets and all that and we were just able to build so that allowed us to scale our certifications our Consulting Wing has scaled our it's allowed us to hire content creators and we've been able to build out our Academy with other courses and so it's just been this progression that has grown um significantly for us and so for me um if I'm giving you advice know what your your area of concentration is going to be and how you're going to differentiate um so if you're going to be a Consulting service for example you want to start your own consultancy cool how are you going to differ is it going to be on Price is it going to be on reputation are you you're going to start locally and get clients who who's your vertical going to be for us it was going to be reputation so I know like I'm I'm well respected on the internet as a pentester people think that I have the skill set they know that I have the knowledge cool I'm going to go off that reputation so I'm not going to charge the lowest price I'm also probably not going to charge the highest price because i'm not competing with deoe and those other bigname companies that are charging for $500 an hour so you have to understand your price point where you belong hey maybe you are a cheap company maybe you're local and you're affordable maybe you target a specific vertical where you go into medical pen testing or whatever it might be you have to say what is going to differentiate and how are people going to buy from me and not my competitor you have to have money like you have to have your money saved up ideally you have money as well to spend on the business like having a website having all the startup cost um being able to have tools that you need you're looking at probably anywhere from2 $3,000 to $5,000 and if you want to get even a little bit better like logo design and not go through like Fiverr for everything have a really good quality product you're probably looking at a little bit more so how much money can you invest and then being able to sell like how are you going to sell what you you're going to go local you're going to go knock on doors you're going to cold call people uh you know are you going to have good SEO are you going to write blogs like what is your long-term plan to be able to get this business running depending on your your funding and what you might want to do could be your trajectory like SEO is a really good one um I have a good friend that that that runs a consultancy and they did it all on SEO and and basically learning how to write blogs and build that out and so it could be something where you start writing blogs now you build that website start investing some money while you're still employed and making money and then as the lead start coming through cool then you you start answering those leads get some business and then build that up so you just got to be careful like with your your non-competes and those sorts of things as long as you're not like going and taking clients from your current company and uh working through those things like consult a lawyer first on on a lot of this stuff but like uh there's there's strategies that you can take but you really just have to understand who you're going to sell to how you're going to sell it having money saved up and how you're going to differentiate as well yeah I mean one of the questions was like prerequisites to start a pen testing agency or company I think you've kind of mentioned that any other ideas yeah I mean you don't truthfully you don't have to be a pentester to start a pentesting company like if you're really good at sales I know people that have no idea about cyber security at all but they just are really good with calling and talking to people and you have to learn the the pain points of a company and be able to sell them on things but ultimately like I If you're going to go start this and you want to do it right you know if you're not good at sales then definitely being a good a good technical person um sales and marketing are probably the two biggest areas to start funding first so if you do start getting money in spending money on marketing spending money on sales don't go spend money on like PPC or you know cost like cost per click type advertising like don't go advertise on Google or LinkedIn right away it's very expensive like and if you don't get it to tuned in like we we we tried it early on where we were spending $30 a click and you're talking people were Googling literal pen testing and we were getting clicks for that and so it's just like you need to make sure that it's fine-tuned it's very expensive just go out there and write blogs do SEO uh there's a great book that's called they ask you answer and the the core concept of this book is hey if somebody's asking this question you should be writing a blog or content about it and there are no dumb questions so what what somebody would ask you you probably want to write a blog about and you know I again I had a friend that literally lived by that book and they grew a consultancy and and had a had great success with it it seems like social media putting stuff out there is great to do for an individual but also for a business right yeah absolutely I mean our our social media following is significantly larger than most cyber security companies uh and it helps because we don't do any outbound sales most companies are paying for for advertising and and things like that but you have to have a big budget usually have investors we are bootstrapped we don't have any investors so it's one of those things that's like we have a team now that's great but before yeah it's just posting on social media and getting traction word of mouth and we've always called the consultancy especially just the snowball that runs downhill uh because as more people talk about it as you get that more clients that reputation people are coming back it just gets bigger and bigger every year and uh for us it's it's been the way to grow it but there's you know everybody has strategies it just depends on where what how much money you have as well to be able to allocate to certain things I mean you've got the co where you're teaching skills right one of the questions was you you need to create a webinar or a course on how to start a cyber security business yeah it's it's uh something I've thought about it's just kind of like I don't want to be that guy that like you know goes out there it's like ah take my course for thousand and learn how to be a millionaire and all these fun things like I don't I I don't want to sell anybody a dream because there's there's a lot of things here um you know like I I read a really good book a couple years ago uh it was called 12 months to one million I think it's really great and the whole time he's just like entrepreneurship sucks like it it really does it's not like him trying to tell you that like you shouldn't do it but it's just like I'm telling you the reality of this it's long long hours and like there's a lot of just things that you could do everything right and still not go right and but like I wouldn't trade it for anything but like you got to understand before you get into this what you're getting yourself into because there it is a lot of work um but yeah it's it's something I've considered I just have to go about creating a course like this very delicately but uh something that could happen at some point I mean that's what I love about you eth it's a you're not trying to like sell this dream like the the lifestyle like you know work 4 hours and you'll be a Millionaire on the beach like you said you know it's important to give the reality run yeah I mean you you've got to work really hard I mean there's there's light at the end of the tunnel and there's you know there's opportunity for exits and things like that but the amount of work that goes into it like we we just see people's successes online and that's really hard um and a lot of people are like a I think I can go do that and sure like I you know I encourage people to go try it's just like it's not made for everybody and so like you you just have to kind of that's one of the hardest parts of running a business I think this one of the questions earlier too is like for for me the hardest thing to learn has been people and like there are really good people like that I've had to let go from the company that I consider really good friends but like you have to make those decisions that just suck sometimes where um you know is how do I get somebody to work better or perform better and if they're not what do I do in that situation it makes it that much harder if you're hiring friends or or people that you know um and just being able to manage people everybody's different like being able to know hey this person needs or wants micromanagement but this person doesn't need anything just let them go do their own thing and you can't just manage in one style and expect to be successful um so there's just it's a lot of learning curves along the way and and big Journey along the way especially as you scale managing 10 people versus 25 versus 50 they're all it's all different so um you just have to kind of brace brace that impact that's that's coming and again it's not for everybody but if it's something that you're truly passionate about like I would not go just for another company again I I can't see that happen but your degree I think you did some business stuff in the past right that helped you yeah I mean I've got the undergrad in accounting I've got a MBA and so it's it's one of those things that yes like having that business experience helped and really business school was unique in a lot of ways like sure you learn the the the book stuff but they were teaching us like way back then like how to how to build a LinkedIn to network and how to go out to social events and network going and meeting people how to dress we had a literal like event on how to eat like where where your fork and knife went how you put your towel like and it's it's all invaluable like what you should order what you shouldn't order and a lot of these things are just like intangibles that you you just don't know about in business until you get into it so um yeah I think business school helped tremendously with with what I do do you need it to be successful no but it's one of those things that I definitely give a lot of credit to my success I think it's like when you do business right it's technical skills are important but they're not as important as the soft skills 100% like if you're going to be a uh CEO especially and you're running a business you have to like you have to put yourself out there you have to network you have to go do things and it's a lot of it is a a hustle I hate the the term hustle culture but it's like a hustle mindset if where you have to just work really hard and really just hope that like you're planting seeds that are eventually going to go somewhere and yeah it's it's a lot of extracurricular activity especially early on we've got quite a few questions about quotes costs any advice you know I I I like what you said where you know you got to find your Niche or your unique selling point how do I charge for what I'm doing yeah so everybody's a little different here um I would say do market research on what competitors especially in your space are charging like if you're just doing a medical vertical for example it might be different than just an overall consultancy so do some research go out and figure out like there's if you go look online you can find people's quotes put put publicly especially if they're bidding like an RFP or something like that uh and so you can find out what people are charging we do it very simple um like I know another company for example that had an actuary come in and they go down to the price point per IP address and they have a full Excel spreadsheet that they type in the whole scope for us we just look at the scope as a generality and we say okay well I'll give you a rough example like we're going to charge you 250 an hour and we think this is going to cost uh this is going to take 40 hours to do this work $10,000 right there you know 40 times 250 you get $10,000 that's our quote and so you just kind of learn over time as like this this is where the experience comes in with being a pentester or working consultancy is you you can say okay I know this is going to take me that long to do all these things I want to charge this hourly rate I'm just going to give this this quote out and so you got to figure out what what your rate is going to be what the competitor rates are where is your sweet spot for us we positioned right in the middle and uh yeah you just got to you got to figure out where you're going to be in that so um everybody's a little bit different on pricing but especially early on like you you probably charge less a little early on and then you kind of build build out like we have clients from when we first started that we're still charging significantly less to clients that that would start now and just kind of a a thank you for being a client with us and we're not going to raise prices on on that but like you you just have some of those you don't want to be like it's a fine balance too you don't want to be too cheap like you don't want to be cheap and then everybody goes out there and says oh go use this company because they're cheap you don't want to build that reputation either unless you do want to build that reputation just depends on where your positioning is but I will say I didn't you agree with this I always like to say get paid to learn if you in a full-time job then learn some of the stuff that's not exactly your job and then you can learn while you're getting paid so when you decide to go on your own you already know this stuff yeah absolutely I mean I like I said I think that going out there and if you're starting to work on blogs and build SEO and build traffic to your website before you leave your job that's better because it takes three to six months for SEO to really kick in from something that you've written and so you want to be able to generate a lot of traffic that way and so yeah like the more you can do on somebody else's dime the better off you're going to be in the long run because you're not sitting there just just hoping money's coming in so you have to have a backup plan you have to have like a lot of fail safes and you have to know when is the point that I need to start looking for a job again if this does go south like when am I going to run out of money I love what you what you explained in that video where you had like your whole financials and you were showing exactly your costs and your income and like what would happen if you didn't earn any income it's so important that people do that I see too many of these I love the I love what you said like influencer selling this crazy lifestyle you're like give up your job and just do this it's like a really bad advice rather do it on the side do it side hustle first or you know make sure you've got all your fail safes in place especially if you got a family yeah I mean you you got to do your research for sure and research your influencers too right like there's somebody out there like one in particular I know that's just talking about how he went from broke to being rich as a as a pentester but like in buying all this property but if you like do some ENT like his dad owned all this property he was already rich to begin with and they're just like selling you a dream for clicks so like you got to be very careful on what information's out there and like do your due diligence go look at go look at rdit go look at LinkedIn do as much Googling and information as you can and and yeah just like you got to got to build your own um your own narrative and your own process I love it I think it's important that you give us The Good the Bad and the Ugly so tell us like the bad things you know it's important so people aren't sold a dream that's not going to be true yeah I mean there's like there's just literally there's people out there that are telling you things that just will not happen unless you like are incredibly successful and it takes a long time and a lot of work to to be successful like there's opportunities like if you want to be a business owner you're you're going to have the most uh you know the highest ceiling essentially like you you will make the most money you're not going to make nearly as much money even if you go management sea- level track you're you're talking like 20 plus years of work to get to that so if you want the most potential yes it's going to be going out and doing your own thing but that's also going to be the most work and you're going to have to make sacrifices friendship sacrifices family sacrifices time like you're going to miss things and events because you're working you know I I remember specifically like very early on uh when we launched the pmbt we only had one other person on help Des so like I was working help Des while doing training while doing other things like I was working all the roles that I needed to do marketing everything I would be at like uh we we would go to basketball games because I love basketball I would be at basketball games a ticket would come in saying hey I need an exam reset well I had to go in log in to our server from my phone and perform a reset while we're sitting there waiting like I was working non-stop pretty much like uh we had an overnight shift person that was working um basically eight hours overnight I was working those other 16 hours on the health desk like those are the realities of what you're doing when you're a business owner you are working all components and you're working all the time and even if you are out with friends and family like there's a chance that you're going to have to disappear for something else and it sucks like it's a lot of sacrifice early on you have to have like you need Buy in from your friends and your family to to go start this before you just say I'm going to go do this I I I think that's very important to get your your spouse or friends or whoever is blessing um because they are a part of this too and they're going to lose a significant amount of time with you as well so you have to to make sure like everybody's on board with that including yourself yeah I mean I love the um you know the you're balancing the look at the success that you can get and the money that you can make but be aware what's involved and I'm really glad that you're saying that yeah I mean I don't I don't want to be up here selling anybody a dream it's it's fantastic lifestyle I wouldn't change it for anything but you you have to know the realities of it too you have to know what you're getting yourself into so let's switch there quite a few questions about remote jobs is it possible to you know get certified and then get a remote job even if I'm not say based in the US perhaps you know what do you see on the market these days yeah uh let's start us first yes yeah absolutely especially since co co kind of like accelerated the process I think but we were already moving to full remote like as a company TCM security was was always a remote company um but you see a lot of companies now that either launch and are always full of remote or because of Co have shifted and just never went went back pentest consultancy especially like even sock to an extent like can be done remotely like we ship a laptop we don't have to go on site we charge you a lot more money if you make us go on site so um it's one of those things that yes these are jobs for the most part that can be done remotely I do think there's some benefit to working in office especially early on like if you're learning from other people and you're able to go like actually sit down and look over somebody's shoulder to see them do something that there's very very nice benefits for that but um ultimately you just have to make sure that you're joining a team like I I think that's the biggest concern is joining a team that can say yeah we're here's here's a good training plan that we're going to have for you if you do this remotely here's how you're going to be able to Shadow and watch and learn from other people and making sure that communication is there I think that's the hardest part and what's missed the most about being on site but totally you you can work remotely in this field and I think there's plenty of opportunities out there for remote work um you're obviously closing more doors if you're not open to to working on site but if you're your goal is just to be remote then by all means just be patient and wait for a remote job because they are out there uh for other countries it's a little tough like for us we we do hire uh International um we we hire them as contractors because we don't have like actual businesses in those countries and and so we have opportunities like that there are some green card opportunities here but basically what it there there's some difficulties right like you in order to be able to work for most most places work as a resident of another country for an organization at their company in their country you are taking a job away from somebody potentially in that country and so the way they look at it is you have to be skilled enough and there is not enough talent pool for from that country then they have to go out and hire from somewhere else pen testing is one of those especially the more senior you get the more likely you are to get a job in one of those positions but like um it's one that's pretty difficult I've seen some unique ways of people doing it like um I know some people that have come out to either Canada or the US for a master's program utilize that to then find an internship or job and then they they got sponsored and were able to stay but it's it's a journey it's not something that's going to be an easy feat but yeah there opportunities are out there especially with larger companies U but you you have to be able to be incredibly talented to do that so um it just depends on your technical skill set and a little bit of its luck as well Heath I'm studying I've just started it's overwhelming I can't it's too much what am I going to do that's that's a good question we we feel that we feel burn out a lot and so I think prioritizing how you're studying and understanding what you need and what you maybe don't need right away is is good as well and then taking breaks is good I'll give this all an example but um when I was studying for my pentest journey I was already P all my foundationals um I was really getting through I was doing the ocp and there back in the day there used to be a whole section on Buffer overflows and that section I got to and I just like did not understand I wanted to stop like it was really impeding everything that I want to do I knew I had to get through it but it was one of those things that was like you know what I'm just going to back burner this right now and I'm going to go study something else that excites me and so I actually went back through and just did all my other studies got through everything else I kept building that momentum again kind of like a snowball downhill where hey I'm I'm just building this momentum I'm getting more excited and I I decided like I'm going to study the things that really excite me and I'm going to come back to some of the things that don't and sometimes you have that luxury sometimes you don't like you need to study networking before you go study networking security so um sometimes you have to get through some of the boring stuff to get to the more fun stuff but um I built upon that I went back and then I studied that understood it and then I went out there and I taught it and that helped me retain it as well and so it's one of those things that like you you need to prioritize on what you think is best for you and what's going to keep you more motivated and if that includes skipping sections perfectly fine taking breaks is very important uh it's easy to burn out especially if you're working a full-time job or you got a family or just studying full-time doesn't matter like this is very easy field to burn out in so it's those things that like hey take a day off or I see people they get a certification and go right to the next one like if you've got the momentum and you're feeling fine perfect but like don't be afraid to take a day or a week off or if you need time to just like decompress before you go back into it perfectly fine and so ultimately you need to find the motivation like nobody's going to find that motivation for you and that's there's some reality checks like if you're if you're studying the basics right now and you really hate it and you don't think like this is for you it's possible that it's not for you like you may need to listen to your yourself and say like I you know I don't actually think I like this stuff so and I've had people I've had people come to me and and thank me literally like somebody came to me and said I I loved your class so much because it told me like this was the career I did not want to do and yeah it's like you you realize like hey maybe I want to work in cyber maybe it's not pentesting you know and so you you got to find your path and everybody's a little bit different but make sure you're taking breaks and mental Health's important make sure you're you're spending time with people and getting away from the books um you know there's the books will be there when you come back just make sure you're you're finding that balance and it didn't happen in a day right your journey was a number of years yeah many many years and that's the thing is like we we live in this world of social media where all the positivity is is brought to the top but you don't know what people have done and all the failures behind the scenes that go on you don't know the journey and so like we talk about impostor syndrome and one of the big things that I always say is like run your own race and your your goal is to be better than you were yesterday and so if you're running like say you you want to run a six-minute mile and you idolize somebody that's running a six-minute mile cool uh I'm running 10 right now well I'm not going to get to 6 tomorrow but if I can get to 959 tomorrow and then 958 the next day and slowly work up who knows how long that person's been running uh and same thing like you're going to find people that are just naturally more talented than you like and they're going to be great they're going to accelerate at a faster speed and they may learn two times faster than you do that's fine run your own race no like all that matters is that you are doing what's best for you and that you're studying at your own pace and you're getting better a little bit every day and that's all you need to carry about it's cool to idolize it's cool to say like oh like I want to be like that person someday but don't be like oh that person's better than me because that's that's an unhealthy mindset um you can be competitive and and try to get to places but as long as you're competing with yourself a majority of the time I think that's where you really need to be I love that everyone's journey is different everyone starts at a different point in life compete with yourself yeah absolutely I mean some people are like literally you can some people just go out there and run never running before a 7 minute mile and you're sitting first time running and you're running 10 cool like you're naturally more gifted and talented in this area I'm going to have to work maybe a little bit harder to get there it doesn't mean at the end of the day that I can't be better than that person if I want to be or maybe I'm content be running a 7even minute or mile or eight minute mile like whatever makes you happy at the end of the day and you're improving that's all that really matters like you you got that self-improvement you're getting better just each day there's a question about tools that you use so a few about like as an example if you have Windows do you use WSL uh how do you hack like ad and then also programming languages do you use rust or python or C+ plus perhaps you can just tell us like some of the tools that you use and recommend yeah so our base install is uh it's a Windows machine so if I ship a laptop out to a client to do a internal pentest which is mostly active directory uh we'll we'll ship a laptop that is base windows and then you also have a virtual machine with Cali built on top of it and so I can log into that Cali machine I can do all my Linux commands anything I need to do in there um from Windows there's some Windows command line things that I can do in there as well different tools like I prefer to run nessus inside of Windows versus running it inside of Cali and so just depending on the toolkit that I'm using C Linux comes with a bunch of of awesome tools already built in um we've got a publicly available tool that was written by one of our staff members uh named DeWalt and he his tool is called Pimp My Cali so like if you want to know what we do when we perform a us we literally install Cali run Pimp My Cali under the new feature it installs all the tools that we use and need and then we go off and do that so for for us uh nessus like a vulnerability scanner is really important um there's a toolkit called impacket which is very important uh for ad pen testing uh responders is very important so it just depends on what you're doing but all of our builds for the most part are running Windows and Linux at the same time um if I'm doing a web app pentest you can run web app inside of uh inside of Linux I prefer to run like burp Suite outside of Linux I prefer it on Windows machine again and I'll run it there if I need a specific command or maybe a tool that's just easier to run inside of a Linux machine I'll do it there um from a programming language standpoint I think python is a great first language something that you should definitely learn um building upon that if you want to learn scripting I think bash is great like I'll build a lot of Python scripts and then automate it with bash and so that way it just runs on like a a specific uh you know shell script or whatever I need to do and that's good Russ is good too Russ is more I want to say like it's higher level but lower level too like it it's great um you know like depending on what you want to do if you're getting into exploit development um C++ could be really good or um C could be really good too just depending on what you're doing um Powershell and C are really good for development for like windows-based uh tools and and exploits so it really kind of depends on what you want to do ultimately like if you're getting into exploit development and programming that way depends on what you want to learn uh but if you're just like hey I want to like automate some things I want to maybe build out some basic tools Python's enough and and Bash is on top of that is is perfectly fine bash isn't that hard to learn after you have some programming uh foundations it's probably last question maybe uh but I'm going to throw it to you as well but one of the questions was top cyber myths I mean we've spoken about myths you know overnight success you know you don't see the hard work but any like myths that people are believing that they should be aware of I think the success one is the the biggest one right like people are out there and they're selling the idea that everybody's making six figures everybody's making big big six figures right like this is luxury luxury lifestyle it's it's true to some some people are doing that but for the most part like you're going to probably start at a lower salary you're going to have to work your way up you're going to be constantly studying um I would say one of the the myths is like you can just Coast in this career you can't Coast um this is one of those things like this is for personality types that love to study like I absolutely love learning new things and I that's what one of the things that excites me about cyber for some people they do want to just come in and say I've I've learned what I need to know I'm good this is not a fi for that um but so yeah if you're if you're willing to put in the work you can get to those those higher salary points over time but it's one of those things that's going to take time so don't again don't think overnight success is going to happen I I think the hey there's there's no opportunities or or roles out there um is is a myth as well there's there's tons of opportunities there like this job market is growing you may need to Pivot into other areas like a lot of people try to jump In The Deep End right away I want to be a pentester that's great but what have you done to be a pentester have you gotten all the necessary certifications are you going out there and you're networking you're you're trying to get into a field that is like like you're you're saying hey there's no entry-level jobs but entry-level job is like help Des uh entry-level job for cyber security is like a sock analyst you trying to like skip the line and go all the way you're trying to get into like Cal three or four without having done Cal one and so is is it possible yeah a lot of self-study go out there and learn resources build up your your repertoire get into that yeah absolutely but um I think a lot of people need to step back and maybe look and say okay maybe if I go work as a sock analy first get some experience continue study then I can break into cyber into other place like don't be afraid to dip your toe in another water to get to where you want to be down the road so it just depends again we talked about situations but just depends on every situation but there are roles out there there are positions out there and I'm all advocating for shooting for the Stars when you you put your resume in but don't go put a resume in for a director level job if you've never worked in cyber either like we see that and so like you're just muddying the waters and um you know we we are more likely to discard your your email and your resume if you're submitting for jobs that you have no business for and so like other companies are doing that too so just just think through these things but really that's it like I I think that this is a great field I I think that like you just have to you have to be aware of the the work that goes into it great great rewards if you're willing to put in Network it's not for everybody burnout is real um and it's one of those fields that like it's not for everybody but if you if you can do the time and the work and put in that effort the the rewards are are really great for for what it is Heath I want to thank you so much for sharing you know giving back to the community just for everyone who doesn't know I've put a bunch of links below including Heath you got to tell me how many hours of free training is there on your YouTube channel gosh I I don't know like got that long course sorry I'm referring to that you've got your like part of your course there right yeah yeah we've so our practical ethical hacking course we we update all the time and so yearly we pretty much put out the updated version of that at least the first half of it and so that way you can go out there and kind of learn the the foundations ethical hacking before getting into like the active directory and the web and the the more advanced stuff so if you're looking to just find uh you know a course to kind of see hey is ethical hacking for me that's a great starting point and there's 15 hours of content there to sit and for you so Heath you're very wellknown great YouTube channel very active on social media but just preps for people who are seeing this for the first time where can people reach you and perhaps if they've got questions like Reach Out do you have a Discord something like that yeah so we you can find me on LinkedIn uh Heath Adams uh on YouTube is the Cyber mentor and pretty much any other social media platforms the Cyber Mentor I'm not on X I have an account there but don't but don't bother trying to message me uh TCM security across all platforms is a great way to get help too so if you go to LinkedIn or or X or uh Instagram or Facebook where we're everywhere and then yeah we do have a a Discord channel so if you go to discord.gg TCM that'll take you to our Discord Community which is really good like if you're looking for somewhere to just go and interact with other people we've got a lot of things it's not all just TCM like that is where we give all of our course support but also there are channels for uh computer programming and networking and blue teaming and different certifications beyond our own and just ways to talk to people about different topics and really engage with the community and that type of Engagement is really good networking so if you're looking for a place to go and meet people and maybe potentially interact and find a job like doing so in a Discord channel is a great way to find other people that are in this field and and be able to communicate network with them so for everyone who's watching please go and subscribe to Heath's Channel getting close to a million he wants to get to a million as soon as possible so please go and sub show the love and also go and look in Discord you know it's it's amazing about networking amazing how much you can learn just by interacting with other people so I've put all those links below go and watch the videos go and interact and network with other people really appreciate you sharing Heath you know and inspiring the Next Generation and making it easier right so you went through the hard journey and there things that happened to you that perhaps weren't the best way of going um like some of the Sears that you did that perhaps weren't the best and I really want to thank you for giving back to the community and like lowering the prices no I appreciate that yeah the the goal and for anybody watching should be your goal too is to try to make it easier for the next person behind you um you know a lot of people are so busy like lifting the barriers when they should be removing them so um just just challenge yourself to do that and how how can I make this journey easier for the next person that's great Heath thanks so much yeah thanks David I appreciate it [Music]