Скачать или смотреть Unpacking Bug Bounty Strategies with RootSploit: Zero Days, Recon, and Vulnerabilities #17

Cybersecurity professionals Kyser Clark and Pranit Garud (RootSploit) discuss their experiences in the field. They cover topics such as bug bounty programs, the role of an offensive security engineer, and the differences between consulting and working for a Fortune 500 company. Pranit shares tips for getting started in bug bounty hunting and emphasizes the importance of understanding the business logic of a company. He also highlights the need for a mindset shift when transitioning from consulting to an internal security role.

Connect with Pranit on LinkedIn:   / pranit-garud  

Takeaways

Bug bounty hunting requires a proactive and research-oriented mindset, as well as a deep understanding of the target company's technologies and business logic.

Working as an offensive security engineer in a Fortune 500 company offers the opportunity to see the inner workings of the organization and make a greater impact on security.

Transitioning from consulting to an internal security role requires a shift in focus from exploitation to securing and collaborating with developers.

Building a close relationship with developers and understanding their challenges can lead to more effective security measures.

The pace of work in a Fortune 500 company may be slower due to approval processes and the need for careful consideration of potential impacts.

As a cybersecurity professional with over six years of experience, I focus on strengthening digital assets against ever-changing cyber threats. I specialize in penetration testing, ethical hacking, red teaming, and offensive security. I excel at uncovering and addressing vulnerabilities in networks and web applications.

My mission is to make cyberspace better & safer for everyone by committing to lifelong learning, sharing knowledge with the community, and inspiring others to do the same.

Credentials:

• BS in Cybersecurity Management and Policy from UMGC.

• 13 certifications including OSCP, CISSP, eJPT, OSWP, PenTest+, CEH, CySA+, CCNA, Cyber Ops-A, Cloud+, Linux+, Security+, and Network+.

• Pwned 103 HTB machines and mastered 216 THM rooms, securing top leaderboard rankings on both platforms.

• Pursuing OSWA certification and MS in Cybersecurity Management and Policy at UMGC.

• United States Air Force Veteran

Time Stamps
---------------------------------------------------
0:00 - Introductions
4:37 - Rapid Fire Questions
6:53 - Why is learning both exciting and challenging?
9:09 - CRAC Learning Community
11:43 - How to get started with Bug Bounty
15:18 - How to select a Bug Bounty Program
19:46 - How to Avoid Duplicate Findings
25:09 - What it's like being a Fortune 500 Ethical Hacker
35:19 - Final Hot Take and Wisdom

Connect
---------------------------------------------------
https://www.KyserClark.com
https://www.KyserClark.com/Newsletter
https://podcast.KyserClark.com
  / kyserclark  
  / kyserclark  
https://www.instagram/KyserClark
  / cyberkyser  
  / kyserclark_cybersecurity  
  / kyserclark  
https://kick.com/kyserclark-cybersecu...
  / discord  

Tags
---------------------------------------------------
#Cybersecurity #infosec #informationsecurity #datasecurity #cybersecurityexpert #cybersecurityexperts #cybersecuritytips #cybersecuritytraining #hacking #hacking_pro #hacker #hackers #ethicalhacking #ethicalhacker #hackerman #hacked #penetrationtesters #penetrationtesting #pentesting #pentesting #pentesting #pentester #redteam #redteaming #offensivesecurity #security #technology #tech #IT #informationtechnology #Cyber #computerscience #LearnShareInspire #KyserClark #Kyser #BugBounty, #OffensiveSecurityEngineer, #Consulting, #Fortune500, #MindsetShift

Music
---------------------------------------------------
All music featured in this video is by Karl Casey @ White Bat Audio.

Disclaimer
---------------------------------------------------
Attention viewers: This video is strictly for educational purposes, emphasizing ETHICAL and LEGAL hacking only. I do not, and will NEVER, condone the act of illegally hacking into computer systems and networks for any reason. My goal is to foster cybersecurity awareness and responsible digital behavior. Please behave responsibly and adhere to legal and ethical standards in your use of this information.

The postings on this site are my own and may not represent the positions of my employer.