7 Comments

  1. If the content is deemed worthy to someone they will pay for it. There are people making hundreds of thousands of dollars a month (Pat Flynn, John Dumas, Gary Vee, Tim Ferriss) selling knowledge and experience as content. All the cheapskates unwilling to pay for content that will help them grow and improve will fall behind those that are willing. Wealthy people invest huge amounts of money into themselves. It is why they are wealthy.

  2. I really like the direction you’re taking your platform and content delivery system. I wasn’t expecting you to bring back the classes although I can definitely appreciate you deciding to start them again.

    You’re no CBTNuggets or Pluralsight. Those companies have their own form of value they offer people and you’ll find yours just the same. You’re already willing to offer very valuable knowledge for a fraction of the cost. Those who enjoy your teaching style will greatly appreciate you for this which is valuable in itself as a form of continued client acquisition.

    As an aspiring penetration tester already in the security field, there are 3 main areas of focus in broad overview: Programming, Operating Systems, and Networking. I can appreciate having a reliable source to reach for if I need to familiarize myself with an AD environment for example. Pen testers that have spoken at conferences and in webinars will often advise newcomers to the field to learn how to build something before you try to hack it or break it.

    This is especially important when you’re dealing with a web developer, sysadmin, or network engineer. Being able to speak from the perspective of someone who’s actually built and configured a secure system before will give your advice much more value. As opposed to looking like an idiot when they realize you don’t know what you’re talking about. Your work means nothing if they don’t take your recommendations seriously.

    • I’m sorry if I misunderstand your text, Jonas, but are you saying that the conferences where you went, penetration testers are giving n00bs the advice to learn how to compromise a secured infrastructure? I dropped the “…how to build…”, I know, but the way that I read that line, it’ll serve the same intent.

      • Hi Ann,

        You understood my text correctly and the logic actually makes sense from the perspective of being able to understand what you’re doing when poking at something. Active Directory is a great example that gets highlighted often. Setting up a basic AD environment in a home lab isn’t that difficult to do with VMs.

        I valued this advice a lot because it really does help one see things from the sysadmin perspective when you’re later trying to poke at something with no GUI. Script kiddies often don’t understand the implications of what they’re doing at a system level if they’ve never built or worked with one before.

        • Ok, in that case, it’s fine by me! I got a sort of a heart attack because I thought that the message they bring to n00bs was sort of: “Go online and do as many unauthorized attacks as possible because it’s by “hacking” that you become a highly skilled penetration tester”. I don’t need to explain that this isn’t a very clever idea.

          Now that I know that you’re talking about a lab environment, it becomes a whole other story. In fact, that’s not just good advice, but it’s a huge part of the daily job of a penetration tester.

          You know that every network has its weaknesses and you have to assume that your network is also vulnerable. It’s your job to find and secure these vulnerabilities before a hacker infiltrates and drops his exploit to cause a breach or whatever.

          Anyway, how’s your OSCP going?

          • Hahaha, I suppose I should’ve clarified but I didn’t want it to turn into a blog post. But yes, the idea is you start with the basics of first getting it set up and working. Then you break it. Once you break it, then start asking yourself the questions ‘okay, how could I have prevented that?’. You build on this to eventually learn what works and what doesn’t in regards to configurations. This applies to anything from servers to networking devices, even applications.

            OSCP status, derailed. Holidays and end of year stuff at work swept in and it’s made it difficult to have the energy to focus. But, that’s no excuse! I’m wrapping up the sections on buffer overflows after which I’ll follow up with a new blog post and video.

  3. Is it even worth your time arguing with people about why your time is worth something? You should charge them a fee just so they can have the pleasure of letting their words go in one ear and out the other. Maybe that will give them the hint they need to put two and 2 together… comes out to two2, by the way.
