Firstly, thank you to Bohdan for asking Kim to join us on the TADSummit Podcast.
Here is Kim’s current kickstarter project, she is self-publishing, “Cybersecurity Careers Guide Book.” This is a guide on how to get into the cybersecurity profession, which is about to see an explosion in recruitment.
Cybersecurity has for too long been treated as a cost center. Given the recent hacking of the PSTN in the US, cybersecurity will become an integral part of every business, with regulators setting requirements on it.
Kim has published a number of books, see her Amazon Author’s profile.
- The Pentester BluePrint: Starting a Career as an Ethical Hacker
- Hacker Culture A to Z: A Fun Guide to the People, Ideas, and Gadgets That Made the Tech World
- Cloud Penetration Testing: Learn how to effectively pentest AWS, Azure, and GCP applications
We had a highly interesting podcast. I’ve edited it down to 40 minutes to keep it focused on Kim’s important insights.
Kim is a professor at the Open Institute of Technology, where she teaches Master’s degree students how to pursue the wide range of cybersecurity careers.
Back in 2023, in preparation for her book Cloud Penetration Testing, Kim worked on AWS, Azure, and GCP, as well as the applications and services unique to each platform, covering the key principles of successful pentesting and their application to cloud networks, DevOps, and containerized environments (Docker and Kubernetes).
This she considers Ethical Hacking: sharing what she learns helps people build the skills to enter the cybersecurity field, and helps the field better protect itself. Through that work Kim has gathered drawers full of Hak5 devices.
Bohdan then asks about her Flipper Zero, a portable multi-tool for pentesters and geeks in a toy-like body. It loves hacking digital stuff, such as radio protocols, access control systems, hardware, and more. It’s fully open-source and customizable, so you can extend it in whatever way you like. Yes, we do geek out on what it can do.
Kim brings a wealth of experience across companies such as AT&T Cybersecurity, BlackBerry, NGINX, Synack, Hack The Box, Kaspersky, CloudDefense.ai, Peerlyst, etc.
Kim made an important point: the difference between penetration testing and hacking is consent. Having a platform you are allowed to hack, for practice, is important for Ethical Hackers. That’s what Hack The Box provides.
On the hacking of the PSTN in the US, Kim raised an important question: how will investigators differentiate between national and international hacking? North Korea will not march in carrying a flag; it will work through multiple proxies.
That brought us to a discussion of the FBI and CISA recommendation not to use the PSTN but rather an encrypted messenger such as Signal, which Kim has used for a long time. Bohdan highlighted that even Signal was hacked in Ukraine.
Kim used a great analogy: the move to HTTPS accelerated once not using it carried a significant downside. Your site didn’t rank, and visitors saw a warning about your site’s security. I think we may need something like that for messaging; otherwise it goes the way of the NSA’s deprecation of SMS for OTP, which was made and then ignored. Also, back in 2022 a Twilio data breach exposed the phone numbers of around 1,900 Signal users.
Both Kim and Johnny agree in their distrust of Meta, which extends to WhatsApp: not for the data in transit, but for once it is in the Meta backend. For me, it is a concern, but it’s still more secure than SMS. There’s an interesting discussion on Apple: as long as your security is aligned with their business objectives, you’re safe.
Johnny brought up the threat facing the whole of the CPaaS industry on A2P SMS, as the FBI and CISA are advising people not to use SMS. I countered that we’ve been here before with the NSA deprecation of SMS: it was ignored. Johnny, however, thinks public concern is now high enough to justify action. We’ll have to see whether the public acts, or ignores the advice, when their action is required.
Bohdan raised the issue of Ethical hackers moving to the dark side. Kim clearly emphasized the importance of education across society, and especially within families. About half of our lives is now online, with unique risks. Kim was targeted as a 14-year-old; family love and support are essential. Education must play a much more significant role as we face new challenges.
On the shift of some ethical hackers to the dark side, it’s largely about the money, though hacktivism is also a factor.
Please contribute to Kim’s kickstarter project, she is self-publishing, “Cybersecurity Careers Guide Book.” This is a guide on how to get into the cybersecurity profession, which is about to see an explosion in recruitment.