Welcome to episode 134 of the Nerd Journey Podcast [@NerdJourney]! We’re John White (@vJourneyman) and Nick Korte (@NetworkNerd_), two Pre-Sales Technical Engineers who are hoping to bring you the IT career advice that we wish we’d been given earlier in our careers. In today’s episode we share part two of our interview with Donovan Farrow. Donovan shares his experience as a business owner, a board member, and some great advice for getting into the cybersecurity industry.
Original Recording Date: 06-30-2021
Donovan Farrow is CEO and founder of Alias, a digital forensics and cybersecurity company based in Oklahoma City. Go back and listen to part 1 of the interview with Donovan in Episode 133.
Topics – Advice for Getting into Security, Mentorship, Running Your Own Company, Deciding Correct Services to Offer, Board of Directors, Closing Thoughts.
2:18 – Advice for Those Investigating Getting into Security

* Donovan describes the type of person who would find it interesting.

* If you’re someone who is sitting at home at night tinkering in your lab trying to figure out how things work, you may be right for this industry.

* Ethical Hacking vs. Pen Testing

* Pen testers "break stuff." Pen testing is a formal contract to break into a company.
* Ethical hacking is something you can do on the internet. Finding an exploit and reporting it without changing anything is ethical hacking.

* Bug bounties to harden your products

* Donovan shares a great story about DefCon and car manufacturers awarding money to hack into a specific car model.
* DefCon is no joke. Attend with caution so you don’t get hacked.

* The types of skills needed for the industry

* Certification path requires Knowledge and experience
* How can you break into a computer if you don’t know how it works? There are many building blocks, and some of the best hackers know about building computers, firewalls, networking, and Active Directory.
* A good hacker has background knowledge.

* Transitioning from an IT generalist? Yes!

* And give Donovan a call if that is what you want to do!
* Generalists are overlooked. If Donovan can talk to someone like this about exploits, metasploits, and lateral movement…they will be great penetration testers.
* The market is super thin for folks like this.

* Building the community

* We want to make the community stronger by teaching people how to get into it.

* Antennas and proximity cards

* Donovan’s team, when they go home, does research and development. They are junkies when it comes to the technology.
* They can duplicate a proxy card easily within 4 feet when hired to break into a company.

* Red flags during interviews

* Some people have a god complex and love power (love being in charge, etc.) and control. These folks may withold information.
* The good guy wants to break in but has to let the client know. They want to fix the situation and provide the client with a better solution to prevent this from happening in the future.
* Donovan and team also do deep background checks for new employees.