 Come back to the Cyber Underground. I'm your guest host, Rochelle Mansilungan. It's great to be here again. Dave and Andrew are not here today, so they asked me to guest host. I have a great show for you today. I have Orlando Galindo. He's going to talk to us about pen testing. I also have Joy and Leanne from KCC. They're going to talk about the community tech fair that's coming up next month. Let me just introduce yourself a little bit. Talk about yourself. Orlando. Yeah, sure. My name is Orlando Galindo. I'm currently employed with KPMG and I'm here today to talk about penetration testing. Okay, and then Joy. Hey, I'm Jai Olas. I'm from Kapi'olani Community College and we are organizing a community event. It's a free event and we'll tell you a lot more about it later. Okay, great. Yeah, and hi my name is Leanne Del Vega. I'm the engineering coordinator at Kapi'olani Community College and I'm really excited to be here. Awesome. So I'm a graduate of Kapi'olani Community College. I graduated in May 2017 with an IT, but I'm now at UH West O'ahu. So I'm proud to help my school. And I'm also hoping Dave will do this once a month but I don't know. Nobody else in my club wants to do this so I always have to do it. Okay, so let's start off with Orlando. I know that you're going to be teaching our on the pen testing. Yes, correct. Maybe you should could you talk about like what pen testing is, penetration testing? Absolutely. Well, pen testing pretty much incorporates a lot of things and what it essentially is is looking for any potential vulnerability and exploiting that. So that can range from anything from social engineering where individuals will go into an organization and they'll actually through personal interaction meet an individual and try to detect vulnerabilities within their process and procedures. How do they greet people, you know, trying to bypass certain things, even things like lock doors, things of that. 
So there's physical penetration, there's actual like through conversation getting as much information gathering as possible and then it gets into the more renowned where everybody thinks of penetration testing being is the ethical hacking aspect where they actually involve technologies like computers, coding, scripting. Right, so in my club, well I still helped at KCC so we've been doing penetration testing. So when we first started out with Dave, we pretty much just did whatever we could like we didn't even have any like we took classes but we actually learned all of that. So we went it was kind of like finding our own way to do things like phishing emails, we made our own things so this is actually pretty good to have for students to just kind of learn because I know there's a lot of people that want to go into pen testing but would you recommend someone to do that like as a student like to do that right away or I know that you don't get a job right away to be a pen tester, right. So do you recommend them being like more around it because that's what I heard because when I interned at the state I interned for this CISO so he would tell me that you know you gotta look at the big picture. Right, not just oh I want to be a pen tester. Right. Which most people do right work with IT. Yeah there's a lot of ideas and stereotypes and like pretty much everybody has a certain image, painted image or perspective and that has to be quickly, you have to be able to change your perspectives instantly. Most people for example will think that penetration testing means that you'll be working alone, that you're isolated, you're just on a computer going at it. 
When in essence it really does incorporate a lot of business philosophies such as project management, planning things, being able to make a formal deliverable that is professional quality so that way you can present that to the client so that way you know they hired you to find their exploits and when you give it to them it's in a nice formable, formal deliverable. That way you have evidence, track records, histories, things for auditing purposes and there's a lot of group dynamics so you have to work with groups and penetration testing actually involves other individuals, a team including client interactions so there's a lot of things that goes into it for sure besides just you know the attack that's behind it and knowledge. Because you kind of talk about like how you got into your position right now like did you go to what schools you went to? Absolutely so I did start at Casey's University. I did have to look at the whole picture of where I wanted my career to be so I did start off with liberal arts, get a lay of the land and after that I essentially decided that IT was the field that I wanted to it started off with video game design, graphics, CGI's, art and then after I was fixing my computer for most of it I decided hey a lot of people have this common denominator they need computers fixed so I got into IT and that led to networking and server administration. Then as you see a lot more of these breaches occurred to big companies and started showing that the next niche, the next market was the security aspect besides that I also noticed that there's the business endeavor of it so even though you could be very intelligent in the computer science aspect of it there was really that liaison that in between business and technology that I felt there was a high demand for and that's why I started focusing on the business aspect of IT So do you think you need more soft skills? 
Because I know there's a lot of there's that stereotype that you know they're introverted and talk majority what I'm the opposite and what would you think? What do you think? I definitely say that is the primary thing to I highly encourage individuals to do that the thing I like about the colleges and the classes I took was the speech classes learning how to do presentations as well as working in groups that was a high dynamic that is really applicable to the real world scenarios for sure and I it was always explained to me from my mentors that that you know skills can be taught you can either learn it from your colleague other individuals in your practice as well as self taught self-study but when it comes to that soft skills you know how do you engage with clients the body language active listening how to present information that is something I think is more important to focus on as far as growing So after KCC did you go to another college? Yes I went to Manoa and that's where I went to MIS Management Information Systems So I had a way out where it was do I go into computer science then I become really focused in like computer programming things of that nature Like you said you like the business aspect right? I like the business aspect because it was a high emphasis on that soft personable skills and you do have a lot of individuals who are really intelligent but then when it comes to articulating or expressing that information or passing it knowledge transfer there's a lot of restrictions usually self inflicting and that most people don't know how to address and with business I felt it was a great avenue to to kind of work on that exercise that And so I know that it's important to take certifications so what kind of certifications do you have or would you recommend them taking? 
Oh absolutely I have a lot of certifications I have my MCSC I have my CISSP my PMP I also got my OSCP and there's some other ones that was industry specific depending on whatever engagement my current employer had me on I learned the technology so for example with ServiceNow and that was a lot of database and javascript things so it really depended on scenarios but did your company pay for these or did you pay it on your own majority of it they did they gave me great opportunities to do so because I know a couple of them cost over 600 or more right 600 plus in some cases a thousand my company has excellent benefits and they really did provide they have a high emphasis on training to continuing your knowledge and they promoted it and they allowed me to do that and I'm internally awesome so what do you want to talk about a little bit more about the pen testing like when it is yeah absolutely so penetration testing especially for the focus of what we're doing in class we're not really touching on the social engineering aspect of it where we have human interaction we're primarily focused on the actual technical penetration testing so using your computer so they have to have VMware correct the requirements for this course so you could have it directly installed on their computers but most individuals like their operating system to be windows and Mac so in that case to work around it you have a virtual machine a VM with the Kali Linux is what we're going to be using as a primary operating system a distribution version distro version of Linux to be installed in that VM instance from there they'll use that tool to pretty much scan work look for all the servers and find possible avenues of exploitation so this is a three day event right during spring break so I already signed up so as of last night from our point I don't know I think it's a 25 students 25 students so that's pretty good so I keep trying to encourage my club members from KCC and UH West Oahu HTC to join so I 
think we have a mix and I believe there was also some UH Manoa students right from the ITMA which is I'm also alumni right right so we're both coordinating that right with you that's awesome I can't wait for that so and then this event is actually at the ITM I lab innovation lab correct if you guys ever been to that lab oh my god they have like the 3D pretty although they have that at KCC I remember when I was in house class we had a field trip there and we could make our own little thing oh yeah I think I still kept that thing awesome yeah because that's when I think that's when they first had it and they were just like showing it off to students for I don't know I like that thing oh my god we have a more developed 3D lab they only had like one you can come back anytime great I can't see did you want to add anything else some Orlando like I'm like what are some advice you want to give to like students like as like for myself so cause like I know that we all take like our have to take like those certifications and all that but a lot of us don't have money so what would you recommend like us taking like definitely looking for grants any options there things like that to get additional funding companies that are willing to pay for training that's a great option too and it's a catch 22 because they're like hey gotta have this experience you gotta have these how do you get it right what I noticed too is if you develop and cultivate that experience for yourself you I mean certifications are great I mean it looks great on paper but if you're able to put that down in another like area on your resume for example and when it'll attract those buzzwords will attract the employer you'll land the interview once you are in that situation that's where yours is free reign for you to talk about your experience about it ideally it's great to have it in real world work situations and scenarios but if you for example let's say you want to be a pen tester set up a bunch of vulnerable 
labs set up a bunch of VMs virtual machines that are purposely exploitable or in some cases build your own exploitable servers and you'll start to learn through the action of doing and then discontinuously to hone in on those skills redundancy is mastery so if you just continue to do that you'll engrave the mind and when it comes to that interview process you have factual data you'll be more comfortable to talk about it and you'll be a knowledge matter subject matter expert cause you can actually say you kind of try to do it cause a lot of my friends say it's just a piece of paper actually that's a good point when I was studying for a lot of the certifications sometimes you're not directly involved in the field yet but through studying through the certifications you pick up on these buzzwords, these terminologies and you'll start to educate yourself just by studying so we're going to I know you're part of the ISC squared so we're going to talk about the NCL the scholarship they have for high school students so when we come back from break we will do that let's see what else and then we can talk about also the community tech fair which is in April 7th correct awesome you kind of know about that NCL high school right okay cause Ronald Yoki wanted me to talk about this he couldn't come on the show today so I don't want to butcher it I know he's watching so I'm sorry but I'll try my best okay is there any other take away that you want to bring up or anything absolutely anybody who is interested in getting to the industry especially dealing with big firms just a word of advice is even though you have a specific goal set in mind which is great do your due diligence of maybe expanding and going beyond that don't be afraid to try new things you don't know you like it until you try it cause there may be other avenues and expertise and careers that are out there that you just didn't know about and the big firms will give you that opportunity give it a try if it works out 
great if not you know why you don't like it anymore another thing too is don't be afraid try it even though these tech terminologies can be overwhelming there's always new technology just hang in there study, learn about it if you don't know it and always take notes not just mince one though so we'll be right back we gotta pay some bills and we'll be right back on the cyber underground

welcome back to the cyber underground I have my guest here we were just talking about pen testing now we're going to talk about the national cyber league I know when I'm on the show I always try to promote this because it's an ongoing registration right now so Sunday is actually the last day to register to pay for it's only going to cost $25 I think after that it might cost a little bit more but the new thing that they added for the NCL they included high school students now so for those of you that don't know the NCL the national cyber league is a defensive and offensive puzzle based capture the flag type competition so it's a good learning ground for not just college students but it's great that they also included the high school students because I know there's a lot of high school students that are interested in cyber security so this is a good way for them to just practice and like real world kind of things that could actually happen in like a company right so I know 
that so Orlando he's actually part of the ISC squared right and so I know they just recently revamped their whole organization so there's actually going to be I think it was just announced on Wednesday that they have a scholarship ready for high school students but they need to act on this fast because registration ends on Sunday March 25th and I believe the time is at 8:59pm local time so we have to make sure I'm trying to promote this as much as possible and I know it's the first the program provides 100 cars for each is it $35 I think grand total for $3,500 correct and so I think they're going to give so the last time I was here we talked about the girls go cyber star so they're going to give those girls heads I think first what do you call it like transfer applications like the windows for and everything no so they're giving them chance first to apply exactly application and so it's a limited basis kind of scholarship so we're trying to encourage it and do you want to talk about who else is part of this scholarship well actually you pretty much demise it really well the target is essentially the ISC squares doing a lot more one of the pillars is giving back to the community and to also strengthen the practice and what we're noticing there's a high demand but there's no supply when we mean by that there's a high demand cyber but there's not a lot of individuals who can staff it and a lot of organizations are actually hungry for that but what has been identified to address this issue is of course education and education is to start young so targeting individuals that are in a certain you know get them started early in the career and that way they can build up interest in it and then by the time they actually are of age for employment they're already hitting the ground running they already have a head start there's less learning curves for learning to try to get those skills and everything like that and then once they hit the workforce and I know for the girls 
cyber side that was pretty I know that that that event was pretty successful from what I heard from Hioki so that's actually good so for this event so like I told you it's March 25th and then oh I know so there's also going to be I think they're also going to provide training sessions for these students so I know they were asking if they could be mentors for this event I'm actually registered for the NCL along with my other members this is going to be like my third year doing it I'm not the best but I think I've got it better throughout the years but I love it and I go hard when I do it and it takes a lot of your time so I'm interested to see how these high school they're probably going to be better than me who knows but I mean it's okay for me it's a learning process and it's just it's for experience and it's fun so that's the whole thing it's fun and we do it as individually and then as a group afterwards so I think that's great have you done the national set really easy? No I haven't personally I believe you're professionals Yeah there's plans for that I will with me teaching giving back to UH and everything like that the whole UH system definitely we'll take up the next course of actions because I know that the great hats they're going to participate in this yeah the great hats as well exactly Tyler awesome okay so let me address you guys so I know you guys have a big event I remember when I was at KCC you were planning this for like and then when you finally emailed me like oh yes and I know I'm not the president there anymore I passed it on to James but then I didn't see them so when I saw your email I was like oh my god yes we got to do this so that's why I suggested that you know we all help out not just that club at KCC but everyone at the whole entire hats organization so we're very glad to help you and you guys are going to come and talk about yeah so we're going to have our own table we're going to talk about internet safety awareness and just some 
cyber security tips when you're online and then I know we're going to do some kind of something we're going to have our computer and they're going to test like issue pps that kind of stuff now because the whole idea is this is going to be a community event and so it has to be it's not a professional it's going to be kind of like basic but fun so hands on that's what we're working for yeah so I'll tell you a little bit more about this event it's going to be on April 7th this Saturday from one to four in the cafeteria okay and some of the fun things that we're going to do perhaps later I'll talk about it's our little animal oh okay I was wondering what this was my phone's not there there you go there you go might not stay there you go one of our engineering students actually 3D printed some designs Joy really wanted something that anyone could use since a lot of people have cell phones we wanted to make something that they could use from their desk very functional also they could get this yeah and this is free right it's free they can choose between three colors and maybe about four designs and they can watch it print and we'll have some pre-printed some kids just like to sit down and watch it print but that's okay but do you know how long it takes to print it's about 20 minutes and sometimes you can print a little bit faster too well you're going to have more than one yeah we'll have three printers if anyone is interested we have two taskbot sixes and one taskbot five printing at that day and this is the first time we have this event because I don't remember this from the other yeah this is the first time we are organizing it so we have a range of like school clubs so we've got the stamp people we're going to show some new media clips because they do a lot of websites and animated movies or the creative media we have guys are coming the IT clubs coming then so we have a student club to promote what's happening at KCC we also have community clubs so we have Hawaii, 
Mac Mac and Apple user club the eyes of Hawaii so these are people from the community coming to share their skills and their passion and they're going to come in at a level that can talk to our community because we don't want we don't scare people away this is not a professional conference or anything like that but we also have the big box vendors coming so Microsoft is going to come with their VR and virtual reality related activity for people to try so they're also going to bring like the Xbox, some microcoding and surface but they're not selling anything so there's no pressure it's just for our community to come together and just celebrate technology and have fun and it's all free I know that you asked us if we could help with wiping clean the hard drives so that's actually something special you're going to donate to people bringing their devices and we're going to donate it to Hawaii Hope and Hawaii Hope is an organization they reuse some of the parts as well as some of the computers it can be anything iPhone, laptops, anything they can reuse it I believe they also that organization helps people they need they need a computer they would also let them have a computer so they have reached out to schools that need or school clubs that need that's great so bring as many as you have to get rid of because I know I have a lot in my basement I'm not working you have some I just recycle them into my in-home data are there any food or anything we have a couple of vendors coming from the farmers market because the farmers market is on that Saturday right? 
but they are in the morning a couple of them are going to come in the afternoon so it would be mainly snacks and beverages not full meals so it's strictly just in the cafeteria the farmers market stores are going to be on the great lawn but our event where all the big box vendors and our school clubs and our user groups are going to be inside so it's going to be upstairs as well as downstairs and what else do we have we have of course door prizes so that's another freebie lots of door prizes and a lot of vendors have giveaways so if you start by their booth and ask a few questions and I think one of the most exciting things we're going to have another user group that's coming, it's called Eyes of Hawaii and they're going to take people around for a photo walk around campus and they're going to have different themes so you can sign up so this event is actually on April 7th from 1 to 4 so we have our, so this is what I sent up, they're no fly but they have a website as well to look up and then contact the bottom contact me 734-9352 are you still looking for volunteers oh we welcome volunteers we people to participate just come and join what is your expected because this is the first time we're doing we don't really know but we've reached out to a lot of schools awesome all our community centers and we're hoping for a good turnout okay great guys so thank you so much for having coming on the show so I do this like once a month I have to always think of topics so this is great that I always try to find something that's going to come up in the coming months so ours is next week would you want to talk about that again, this is the pen testing just really quick yeah absolutely so we're going to be doing the pen testing that's going to be from the 28th to the 30th that's the Wednesday through Friday next week that's what I'll be doing on my spring break no break for me actually on that day before that I actually have to present a pen testing project that I've been doing 
with my clubs so you're already your mind's already in the right state you love this stuff I know I do thank you so much for joining us on the cyber underground I'm your guest host Rachelle Mansiloy and we'll see you again next week Dave and Andrew should be back Aloha