In this season of Hacker Valley Red, we focus on cybersecurity legends in offensive operations with a legend in physical pen testing and lockpicking: Deviant Ollam. As a pioneer in our industry and an author of two incredible books about lockpicking, Deviant shares his history from hobbyist to professional and all that he’s learned along the way. He also discusses making the secrets of the hacking world accessible to all. Timecoded Guide: [01:28] Defining the pioneers in cybersecurity[08:47] Deviant’s first explorations in lockpicking [16:03] Accessing and democratizing hacking secrets[18:58] Becoming an author to transfer his knowledge[23:12] Seeing the past, present, and future of hacking Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life! Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley _________ What does it mean to be a pioneer in cybersecurity? As our season focuses on legends, it’s important that we explain what makes these individuals such a vital part of our community. In the case of this episode, we explain that our guest Deviant is nothing short of a pioneer. Deviant has been willing to take on new challenges and revolutionize the industry throughout his career, influencing hundreds of individuals and leaving a lasting educational impact on the entire industry. “That ‘zero to one’ part can be the hardest part of any progression in any field, but especially in cybersecurity.” — Chris When you reflect on changing this whole industry, how does that make you feel? Despite our guest’s legendary reputation, Deviant is humble about his achievements, caring more about how his work has impacted others than himself. What he focuses most on in his teaching, presentations, and writing is making lockpicking and penetration testing accessible and understandable. Instead of harboring secrets and perpetuating exclusionary policies, Deviant wants anyone to be able to master these skills and understand this knowledge. “I’m not the first one who ever did this. What I like to think of my contributions is that they have chiefly been making it accessible and democratizing this knowledge.” — Deviant Do you think it's harder today to stand out than it was a couple of decades ago? For Deviant, our globalized internet and algorithm-focus social media sites are both a blessing and a curse. While knowledge can be found on every corner of the web and anyone can become familiar with the information that was once borderline inaccessible, Deviant also recognizes that younger hackers and lockpickers will have a very different rise to success than he did years ago, especially due to fragmented audiences and tricky algorithms. “We have more avenues to put yourself on display, to put yourself out there than ever before, but that means the audience is fragmented and is spread so thin.” — Deviant What piece of advice would you have for the folks that want to make an impact in security and technology and in our community today? Although success will look different for newer members of our cybersecurity community, Deviant is confident that the younger innovative minds of the future will be able to solve so many of the long-standing problems within our industry. However, he reminds our younger audience that they need to still respect the tenured members of the cybersecurity world and learn from them without oversimplifying the issues past professionals have faced. “Start thinking about it in a way that doesn’t use ‘just,’ because every old head in the industry has heard that….We couldn’t ‘just’ do it, or we would’ve ‘just’ done it.” - Deviant Hacking the Vocabulary: Physical pen-testing — A simulated real-world threat scenario where a malicious actor attempts to compromise a business’s physical barriers to gain access to infrastructure, buildings, systems, and employees. CVE— Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues. Lockpick Village — A physical security demonstration and participation area where participants can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficulty. Additional resources to check out: Robert Morris, the Morris worm, TOOOL, the CORE group, Practical Lock Picking: A Physical Penetration Tester’s Training Guide by Deviant Ollam, Keys to the Kingdom by Deviant Ollam, DEF CON ________ Spend some time with our guest, Deviant Ollam, on his ...
