Transcript
A (0:02)
You're listening to the Cyberwire Network, powered by N2K.
B (0:12)
Ever wished you could rebuild your network from scratch to make it more secure, scalable and simple? Meet Meter, the company reimagining enterprise networking from the ground up. Meter builds full stack zero trust networks including hardware, firmware and software, all designed to work seamlessly together. The result? Fast, reliable and secure connectivity without the constant patching, vendor juggling or hidden costs. From wired and wireless to routing, switching, firewalls, DNS security and VPN, every layer is integrated and continuously protected in one unified platform. And since it's delivered as one predictable monthly service, you skip the heavy capital costs and endless upgrade cycles. Meter even buys back your old infrastructure to make switching effortless. Transform complexity into simplicity and give your team time to focus on what really matters, helping your business and customers thrive. Learn more and book your demo at meter.com/cyberwire. That's M-E-T-E-R.com/cyberwire. Hey everybody.
A (1:31)
My name is Eric Escobar. I am a penetration tester, which basically means I break into corporate networks on a daily basis. So I always wanted to be an engineer of some sort. Wasn't quite sure what kind of an engineer. I grew up playing with Legos, building things, taking things apart. So it was one of those things that it was a pretty easy thing. When my family was like, you know what, you should go into engineering. I was like, hold on a second, I can get paid to do what I just do for fun. Like that sounds kind of cool. So I took a, like a survey of engineering class when I was in high school and my toss up was like computer science, computer engineering and civil engineering, which are far different ends of the spectrum. And so I basically like picked between the two of them and I picked civil engineering. So I went to school and I got a four year degree in civil engineering and a master's degree in civil engineering and started my professional life as a civil engineer. And now I'm a registered civil engineer in the state of California. So I could still technically build a building, build a hospital, build, you know, whatever, whatever you need to. But yeah, just took that degree and leveraged it right into cybersecurity. I've always loved computers. That's why my second choice is going to be like computer engineering or computer science, something along those lines. And it was one of those things that as many situations happen, your roommate from college comes home and you're like, oh, I want to do something fun, like what are we going to do? Go over to his parents' house, manage to break into their Wi-Fi or just do some, you know, like, nefarious hijinks that's completely harmless. His dad gets home and is like, whoa, whoa, whoa, whoa, whoa. How did you guys, like, what'd you guys do? And, you know, I would come to find out later that he is like the, you know, director of security for some cybersecurity company in California. 
And he's like, hey, how about I replace your engineering salary and you come work for me in the cybersecurity arena. I was like, okay, but I don't know anything. He's like, trust me, if you could do whatever hijinks we did, you know enough to get started. Your mind is in the right place. So make the hop. And I haven't looked back since. So went from being civil engineer to working on, like, the blue team or defensive team for a company called Barracuda Networks. And then basically I just got involved in the whole, like, infosec, so information security, like, culture. We did, you know, into DEF CON, went to a bunch of different conferences, and at one of these conferences, I, you know, was just chatting with somebody and, you know, we hit things off and he's like, hey, if you, if you're ever interested in moving over to the red or the offensive side of things, you know, we'd love to interview. So, you know, a couple interviews later and I started working in an adversarial role at SecureWorks, which is currently where I am now. And I've. It's like, dream job, 100%. I basically just make the analogy of I'm a bank robber for hire, and companies will come, hire SecureWorks to try and break in and steal everything that they hold dear. Right? And all companies are different. And, you know, on any given day, I commit several thousand felonies if I didn't have permission to do what I do. One week I could be breaking into a literal bank, the next week I could be breaking into, you know, some type of tiny hardware or just a website. When you work in one level of, like, security or like, you work for a company in security, you typically deal in only what they deal with. Whereas in my role, since we go through so many different companies testing their security, you get to see the inside of several dozen networks maybe in a given month. Right? And so it's, it's awesome because you get to learn really quickly on your feet. 
And yeah, you're, you know, any, any type of expertise. It's really easy to say, like, hey, I don't know, but let's learn, like, you know, learn by doing kind of a thing. The best personality trait is curiosity. Because, you know, there's. Sure, there's a lot of items that you have to, like, go through and, you know, check the box to make sure that you did it correctly. But there's always that, like, huh, I wonder, if I did this, how would either the program, the hardware, the website, how would it respond? Then from there, I feel like if you have the natural curiosity to say, how does this work? And what happens if. Then it kind of blossoms out into, like, whatever other personality trait that you have. You know, our team is filled with the most weird, ragtag, you know, group of people. You know, you have a civil engineer like myself, we have RV salesmen, we have physicists, we have electrical engineers, we have, gosh, I mean, you name it, everybody is. Has those weird, quirky traits. And I think the one that unifies all of us is we're all curious about how things work. And that's what's really nice, is that there's no one archetype of a hacker pen tester. It's completely across the board. I think the collaboration piece is key because, again, there's nobody that knows everything, right? There's no one that even knows 10% of everything. You know, that if you need to get on the phone with somebody, hey, this person's a real smooth talk on the phone. Let's pick them up. And so having just that, you know, the list of skill sets as they go across the board, and so pulling from everybody's life experience, and then everybody's also spread across the globe, and that's. It's all, you know, a whole other crazy thing dealing with time zones. And it's like, you know what, let's tap on the Japanese team to see if they've ever encountered X, Y or Z. And so it's that collaboration is absolutely key, especially when you don't know everything. Just start. 
Start listening to security podcasts just to learn the vernacular of, like, what words are commonly used and how things are phrased, and then just start going and looking for either if you want to get involved in, like, a bug bounty program, or if you don't know anything at all and you're starting from scratch, there's like $30 Udemy courses that will walk you through, you know, your first years of pen testing from setting up a full Active Directory domain and how to compromise and common misconfigurations. I've had, oh, gosh, maybe three or four personal friends now that have come from all walks of life. That have, you know, gotten their OSCP or in progress of getting their OSCP. And even just if they're in progress, it's led to jobs where, you know, one of them used to be a former pastor and now he's in information security. Right? So it's, you know, there's a whole bunch of different windy paths, but really, first thing is just get started, learn how people talk about, you know, in the industry, and then go after a certification, if you can. Like, my whole thing is, like, if we can just teach people in a fun way, like, that'd be great.