Summary and Overview Part 2

Video Activity
4 hours 21 minutes
Video Transcription
I don't do you thinks it's been very helpful.
It's our first question. This one I'm gonna give to, I'll have Ken start with. When job searching, how would someone answer the "What experience do you have?" question relative to cyber security if their experience is in the gray area, without incriminating themselves? For those who don't already know, gray hat hacking is sort of this quasi-legitimate term
discusses the people who have performed
Perhaps, you know, black hat or malicious or bad guy activities, or have also, you know, performed security analysis and positive, beneficial in support of an organization. A lot of times when we're talking about gray hat hacking, we're talking about people who went bug hunting, found a vulnerability, talked to the company about disclosing it, and then either
the company didn't react fast enough or didn't react the way they like,
and so they just throw that vulnerability out into the world. Sometimes you talk about gray hats as black hats who are what we call hacktivists, and I don't call them that normally because I think that term is, it's like nails on a chalkboard to me. But it's a term you hear in the media a lot. And those are people who are performing, you know, black hat and potentially malicious hacking
to pursue something that they believe to be a moral right.
A great example of that would be like people who work for Wikileaks. You know, whether or not they are correct in that moral right is its own question. But the people who are pursuing these goals are generally people who are working for something they consider morally superior to whatever law-breaking.
So that's the question, Ken: how would you describe your job experience without incriminating yourself?
Well, rule number one is don't say, "Hey, yeah, I hacked the Pentagon, you know, on Friday and I did this." But think about what you're doing. So if you are in that gray area, if you are a black hat hacker looking to convert to the other side, then focus on, like, what you're actually doing, right? So I'm doing these things with these particular tools. You know, I've got Linux knowledge at this level,
you know, whatever task you're actually doing,
you know, again, without incriminating yourself. So don't say, like, I did, you know, I did this against this particular company or this type of router. Just mention that, you know, in my own practice, I've done these things on my own, you know, lab environment or something like that. So
it's, you know, you're in the gray area there, so just don't... We can't give you legal advice. Let's just say that I know Joe is eventually gonna go to law school, but not yet. That's why we're going to keep driving it in there a couple times in this video. We are not lawyers. Nothing we say in this video will constitute legal advice. If you take what we say as legal advice, you're not going to have a good day.
Just head. Yes, yes,
Yes, more. More than likely not gonna have a good day. So yeah, really, just break it out. You know, that's anything, even if you're not in the gray area and you're just trying to learn different things, you know, practicing things, you know, in your own labs, bust out those things, you know, into a document or some kind of demo video where you're showing, like, okay, this is what I'm doing. You know, this shows my skill level
for this particular area,
and that's the biggest thing. That's what employers want to see. They want to know, because I could send a resume and Joe can send one in. But if neither of us really has the hands-on skills where we can prove it, the employer doesn't know, like, who's who, right? They don't know if I'm better than Joe, if Joe is better than me. By the way, we're both the best. Exactly. Yeah, exactly. We know everything.
Just kidding.
No one knows everything. By the way, if they're telling you that they have, like no skills, that's a good good, perhaps, but anyways, digressing a bit there, but really just showing your skills, right? So not showing illegal skills. So figure out whatever illegal stuff you're doing or gray area stuff you're doing. Figure out the actual skills there
and what you can present to an employer. One of the best things that you could do
if you're someone who is engaged in activity that would be classified as, you know, illegal or would be considered a breach of laws and regulations: one of the common ways that people sort of self-rehabilitate and become white hat hackers or
sort of, you know, get involved professionally
is by publishing their research, doing it through the proper disclosure and revealing that information to the company or the organization first, giving them the opportunity to actually handle that problem and then publishing it in a safe, secure, sort of responsible fashion.
And that's a way that you can kind of make that transition. You can take a lot of things you're doing that may have been sort of quasi-legal or legally uncertain and move that back towards something that you can talk to an employer about. Uh, you know, I would say the best way to avoid incriminating yourself is not committing crime. That's generally,
I'm willing to say that that's probably advice that a lawyer would give you: don't commit crimes.
But yes, in general, just whatever you can do to translate your skills back, just sort of a more abstract way, you're gonna see some success with that.
