Group Discussion and Mentoring

• BLUF: Chat with Robert (CEO PEN Consultants), others on the PEN Consultants team, or others outside the team. Mentors, mentees, people asking questions, people answering questions - all on the same call.
• Instead of 1-to-1 or even 1-to-N, this is N-to-N.
  • Multiple people receive answers to questions and mentorship at the same time.
  • Multiple people can provide insight at the same time.
• The same person can both ask for advice/help and give advice/help on the same call.
• Agenda: None. We lead with prayer, intros, and possibly pick back up on a previous month’s discussion that we did not complete. Other than that, it’s an open floor - ask anything.
• Topics: Any - from getting started in cybersecurity to helping with advanced technical challenges, business-related, faith in the workplace, etc.

• How to get into pen testing.
• How do you convince a client they need security in general (as in no budget for it) or penetration testing (as in limited budget)?
• Should I get a 2nd degree in computer science in addition to cybersecurity?
• Ethical considerations and boundaries for firing someone over something that was never communicated or given a chance for remediation?
• How to differentiate between a shopper vs buyer.
• What is the primary key to security?
• How to communicate with someone who is largely unresponsive.
• Dealing with willful ignorance.
• Defining good performance objectives.
• What are the boundaries in regard to artificial intelligence as it relates to both cybersecurity and ministry?
• What are the risks of using Copilot in Windows and how can those risks be reduced; or should it just be disabled?
• What protections can be put in place to ensure AI queries cannot return sensitive data that it should not be sharing?
• Is it possible to trick AI into providing inaccurate information by compromising a source from which it pulls data from?
• Lead generation topics, including presentations at small and medium business luncheons.
• Pros and cons of whether a cybersecurity tester that was involved in some gray hat activity when they were a minor should be considered for potential employment.
• How many cybersecurity certifications are enough. When is it a case of diminishing returns?
• Grant programs to get funding for apprenticeships.
• Lead generation tool that lists what products or services people are searching for, and it can be focused to a specific geographical area.
• Implications of the 23andMe breach.
• What are the risks and considerations of the lack of offensive security testing and experience with SCADA?
• How do you decide when to not serve a client based on a service/product they sell or action they are taking?  Where is the definitive line that should not be crossed? Ex. a pharma company has a cure for cancer but also a drug used exclusively for abortions, a medical facility that offers beneficial services but also abortion services, a company pays for their employees to travel from a state where abortion is not permitted to one that is, or similar scenarios.
• How helpful are CTF’s in preparing for Cybersecurity certs and/or gaining experience?
• What does a typical workday/schedule look like for an OffSec tester?
• Are the Network+ and Security+ certifications worthwhile/recommended for building your OffSec Tester resume?
• Does a pentesting company typically have a dev test network or are the individual testers required to have one in order to test tools or techniques utilized on a client engagement?
• What do future careers look like for technology professionals who have strong moral convictions that conflict with corporate mandates?
• How do you live your faith and stand firm on your moral convictions in the workplace but without intentionally causing conflict or needless confrontation?
• How do I achieve non-attributable and managed attribution in online profiles and technology stack?
• How can I ultimately achieve success at passing OSCP after failing multiple times?
• How to do I start a career at NSA and what is it like working there?
• What is the impact of being a Christian run company in the marketplace?
• Trump assassination attempt and how to know what is true.
• iOS security compared to other OSs.
• Creating a password cracking rig.
• Source code review tools during web app pentests.
• Risk analysis frameworks, processes, tools, tips, etc.
• How do we ensure the safety of a client’s infrastructure and data during a pentest?
• What pentests tools are dangerous and could affect availability?
• What is white box testing, pros/cons, is it common, what does industry and compliance standards say, etc.?
• How do we learn about a client’s risks and come to the best recommendation for testing?
• Pentesting when all of the client infrastructure and data is in the cloud.
• Supply chain concerns in light of recent attacks, how to detect, mitigate risks, etc.
• How broad sweeping laws and regulations impact the offensive security industry - ex. AI-generated / deepfakes
• What does a red team/incident response exercise entail?
• What is a good baseline checklist for security best practices?
• What are the common deliverables and follow-up action items after a penetration test?
• Discussed a kingdom-focused verified marketplace that is being created in the EU.