Cube Talks: May 22nd, 2026

Disclaimer: This transcript was generated with AI assistance and has been manually reviewed and edited. Despite best efforts, some inaccuracies may remain — please use your best judgement when referencing specific statements.


TL;DR / TL;DL: Session covering SOC survival tips, avoiding pen-testing burnout, and staying engaged.

Listen on Spotify: Cube Talks – May 22nd, 2026


FalconSpy: Hi everyone, welcome to this week’s Cube Talk. I’m your host FalconSpy. This is your opportunity to ask our panel of staff and volunteers any questions you might have about any of the services we offer here at Hack the Box as well as InfoSec in general. We’ll do the best we can to answer as many of the questions as you have within the next hour. You can use the forward slash Cube Talk command to ask your question to our panel of staff and volunteers. You can use that same command to also upvote questions to the top of the queue. Questions are typically first in, first out, unless they are upvoted to the top. We’ll introduce everybody here on the panel in case you have any targeted questions towards any of us, and then I’ll sound like a broken record and we’ll go to the questions. So in no particular order, we’ll start off with control zero. Cody, that’s you. We’ll skip Cody for now. All right, ippsec, why don’t you go for it?

ippsec: What’s going on, everyone? I’m ippsec. I’m a lab architect. I just float around various departments trying to bring value where I can.

FalconSpy: Then we have Chad B.

ChadB: Hey, good morning or afternoon, everyone. Chad B. Noob, guest here, current red team operator and Hack the Box enthusiast, it seems.

FalconSpy: And then we have Zeyad.

21y4d: Hey, everyone. I’m Zeyad. I’m from the Academy team, and I’m here for any Academy questions.

FalconSpy: And Idna.

idna: Hey, also, I’m Idna. I look after the defensive content engineering.

FalconSpy: All right, I am FalconSpy, the host, and one of the community specialists here at Hack the Box, also a full-time red teamer at Oracle. Hopefully, control zero can get his stuff working, and we’ll have him introduce himself after. But broken record time. Use the forward slash Cube Talk command to ask your question to our panel of staff and volunteers. You can use that same command to also upvote a question at the top of the queue. And questions are first in, first out, unless upvoted. And I’ll do the general disclaimer now. Any questions asking us about things on our roadmap or modules that we’re working on, we typically don’t disclose that info in case — well, we don’t want to give anything to any of our competitors. We don’t want to miss timelines. So we’ll ask the questions anyway, but we’ll probably fall back on the disclaimer and go from there. What are some tips on how to survive a SOC shift at work for someone who’s looking to first join the field? Like, what are ways to survive your shift?

ChadB: Lo-fi.

FalconSpy: Like, lo-fi music, girl? Oh, I’m sorry.

ChadB: The year I spent in the SOC, yeah, it would be background lo-fi music on YouTube. That and having something mentally to take you out of it just on another screen that you can just drop into, because SOC 1 jobs are very tedious, for sure. You’re just literally looking at streams and streams of data depending on how your company has everything set up. And I do apologize. I thought there might be someone else that’s working the SOC.

idna: Yeah, I’ll jump in as well. I think it kind of depends on how much freedom you have in your SOC role. If you’re in a really tight environment where you are forced to follow exact playbooks and exact processes — which do exist and they exist for a reason — but if you’re in that kind of environment, I would probably look for some ways to give yourself puzzles. How can I automate this? How can I find some enjoyment in that kind of churn? I think it kind of depends on the kind of environment you’re in as well — are you likely to see something really interesting coming through, or are you looking after some environments where threat actors are hitting them all the time and there was always something to chase? If you aren’t so constrained to those processes and playbooks, between alerts, if there are opportunities, go hunting. Look for evil. Find the logs. Just see if you can find something in there that no one else has spotted. Generally, just look for some kind of enjoyment in whatever’s there. Yeah, curiosity definitely helps a lot. If you’re in one of those environments that just say you need to do 200 tickets a day, I would be looking for a new job and not worried about getting fired, just because that job sucks. But what I mean about being curious is, if all you do is try to triage tickets and you’re just trying to close the ticket as fast as possible, that’s what I find most people burn out on because they don’t think they’re bringing value. You’re just kind of closing tickets and if you do that too much, then you falsely close tickets. I think you should always try to be curious about it, pick some tickets that you don’t fully understand and try to do some investigating on your own, and go hunting there. And most of the time you’re like, oh, well, it’s not interesting because these things happened before — and that’s just how you kind of grow. 
The reason why I hate all the environments that say you have to close X number of tickets per day is it doesn’t leave any room for growth. So you kind of just do as much pointless work as humanly possible. You do that for a year, you didn’t really learn much in the role. You just learn things very targeted to that environment. Like, when this service goes down, we just reboot it and we don’t know why. That’s just what we do. We don’t investigate. And I don’t see how that’s beneficial in your next job. Like I always think about what my next job is and make sure the tasks I’m doing benefit me for that.

idna: I don’t listen to music. Music distracts me. I do complete silence.

FalconSpy: Our next question is how to survive in the AI apocalypse. Despite AI putting 80% slop out there, but it will eventually be better than humans — how will we be able to survive in cybersecurity with AI?

idna: I don’t think this is anything like we can give concrete answers on because it changes so freaking often. The one thing I don’t think a lot of people ask is, is AI actually saving money? I think AI has done a really good job at making time not a factor, but I think it’s extremely, extremely expensive. And right now, like everything’s subsidized, so it doesn’t seem as expensive until you go like the zero data retention or direct API route. But like we see subscriptions getting their price increased. Like I think next month in June, Anthropic is going to start charging whenever you use the claude -p command, which is heavily used in any type of orchestration. There’s also just lots of changes around how subscriptions are working in general. So I think as those companies need to become profitable and stop burning just VC money, they’ll start finding ways to monetize. It’ll become expensive. And then all those things that people have automated will no longer be cheaper than a human. The one thing I really wish more focus was put out around, like all the mythos thing about finding these vulnerabilities, is how much money did it cost to find all those vulnerabilities? If you use that 50 grand to scan Firefox on an actual researcher, would they find the same things? Like I don’t think that analysis has been done. So I think just learn AI. You’re going to need it. But I think the over-reliance on AI probably won’t be a thing in two to three years as the cost does increase.

ChadB: I’ve also heard an argument that it will actually create more cybersecurity jobs, as there may be less humans around to do proper housekeeping and things of that nature. So if you replace a few good system administrators with a bunch of AI agents, how much stuff is left out there for us to find in the long run? I think cybersecurity itself will be okay. That may be a hot take, but I think we’re going to be good.

idna: I agree. I think I’ve said this before, cybersecurity is very often about accountability. And if you outsource everything to AI, who is actually accountable to making the right decisions, containing the right things, finding the right stuff, whatever it might be? If no human is in the loop there, then do you hold the AI company accountable if you get popped? Because it did something wrong or didn’t contain a breach? I mean, I can’t imagine that happening, certainly not in material organizations. So regardless of where AI sits in the loop, you’ll still need people there, I’m sure.

FalconSpy: The other side of it too, I don’t think it’ll take over a ton of jobs. It might take over a few in the space, but at the end of the day, at least from a red teaming perspective, I know I’ve been using some of these new models that are out there. Kind of like a junior pen tester, junior red team operator, you definitely don’t want to run this in YOLO mode because it’s potentially touching production machines. You definitely don’t want that. You’re basically just babysitting the robot the whole time and saying yes or no on what it can and can’t do. You’re setting the additional guardrails outside of what the companies who set up the guardrails for those models have done. And then outside of that, you can run multiple different agents on this and you’ll kind of be babysitting most of them, or multiple, if you decide to kick off more than one. And it’ll definitely help you write exploits. It’ll do some great things. But at the end of the day, one would hope there’s still human intervention. I don’t think it’ll take anything away from people. It’ll just help what they’re doing.

ChadB: There’s also one situation that a lot of the consultants are seeing where the client’s like, you guys aren’t going to set AI loose on our network, are you? It’s like, cybersecurity and pen testing and red teaming has to happen. What client wants an AI running around on their network, trying to get access and take over as we as responsible humans do. I’ve actually had a client interface where they specifically say, you guys aren’t going to just drop an AI, you know, let an AI loose on our network to try to do it. It’s like, no, we’re still human. We’re the humans behind the keyboards, so on and so forth. So there is that still human aspect where, yeah, AI is great, but do you want AI to do what we do? Do you really want a fully autonomous pen tester or a red teamer on your network that might accidentally delete the production database?

FalconSpy: Anyone else? Otherwise we can move on. All right, this one’s an upvoted question. So you’ve all said that binary exploitation has become more obsolete due to AI, but what about the detection engineering modules? Those have loads of C++ programs and it’s hard to practice without just pushing the easy AI button. What should this individual do to make learning this kind of material and writing these programs worth it? And is this necessary for any upcoming exams?

21y4d: I mean, in general, you should make use of AI just like you do in software engineering or coding. If you don’t, then you will be left behind. But when we say binary exploitation is no longer relevant, we don’t mean because it is completely outdone by AI. At least personally, what I mean is that now it is so difficult, so advanced, that it is only useful for nation-state actors and it does not really make sense for you to study and go all the way from foundations through the advanced heap exploitation and browser escapes and JavaScript engines and so on to be able to find those extremely niche vulnerabilities. That’s why, personally, I find binary exploitation to be no longer relevant for the vast majority of people. But whether AI helps or not, I mean, this is a different story.

FalconSpy: We have another upvoted question. So they don’t expect us to exactly explain how the Q&A works, but they’ve seen quite a bit of easy medium Linux boxes with similar pathways, including the latest one, Helix. As it is still active, they won’t talk much, but they’re asking what’s being done about duplicate related machines that have similar paths. They have no problem with one active machine with said path, but not multiple.

ippsec: Oh, we reject a lot of machines that have similar paths. I think this kind of stems from something we are close to somewhat fixing. Right now we have probably 50 machines in the queue and it’s hard to track all the things that relate, especially when we may approve something two months ago and then we read something and forget that we approved something with the same path two months ago. Like, it’s a weird problem right now because we’re having so many submissions and a lot of the submissions are coming from AI and we’ve found that a lot of the people that are leaning heavily on AI to come up with ideas end up with the same idea, slightly different. Hopefully, we will have it fixed. Can’t really say too much, but there could be something changing in the whole season format near the end of the year that we’re going to try out, but still playing with things.

FalconSpy: We have another voted question. What should somebody do after the CAPE certification path if they want to specialize within Active Directory?

21y4d: Yeah. For those expert level certifications, I think we do mention this at the end of CWEE or maybe in one of the AMAs — we try to get you to a level where once you are certified, you can find the niche, more advanced vulnerabilities on your own. So you have the ability to go on from there on your own. So you don’t have to keep waiting for other courses or more advanced stuff to do. Once you reach, let’s say, the level of advanced web exploitation or expert level of web exploitation at the end of CWEE, and the same for CAPE, you should be able to pick it up from there. So that’s at least our plan. We don’t intend, at least for the time being, to release more advanced stuff for the expert level certifications.

FalconSpy: We have another upvoted question. Thoughts on malware analysis and if AI will disrupt the field? I’m not sure disrupt is necessarily the right word here.

idna: AI is very, very good at malware analysis, reverse engineering, that kind of thing. And I can only really speak from the CTF side of things here, but we do very often deal with real malware in that and AI is very, very good at it. And there’s certainly less operational risk doing something like that in real life than it would be on a live environment, because you’re generally operating on an isolated file. So yeah, I don’t know if disrupt is the right word. It might disrupt the CTF side of things there, but maybe less so in the actual industry — more of an enabler, I would say.

FalconSpy: This next one is, this person feels they’re not nefarious enough for the pentesting field. Is this something that can be learned or should they just concentrate on the defensive side? They’re really intrigued by pentesting and ethical hacking. I feel like nefarious is the wrong word here, but we’ll go with it. That’s what they put.

ChadB: I think if you’re really intrigued by pentesting and ethical hacking, you’re probably in the right place. It’s more curiosity than actually being nefarious or evil, because in the end, everyone here, of course, wants to make security better for someone. And we do that through that curiosity for sure. I would, yeah, I think you’re right. I think nefarious is the wrong word. But anyone who’s curious or wants to learn deeper or solve the problem or just figure something out is probably in the right place for sure.

21y4d: I mean, I see it as a kind of a puzzle. The same thing can be said about programming and software engineering as well in some cases, like problem solving and debugging. But yeah, in pentesting, you can look at it like a puzzle. You are trying to solve something. In many cases, you are trying to find something or understand something better than the person who created it. For example, if somebody configured Active Directory, if you understand those configurations, at least in terms of security, better than the person who configured it, then you can find ways to bypass things. Same goes for programming and coding like injections and so on. So it’s just like a puzzle based on your understanding or deep understanding of certain systems and computer science in general. I always say that one of the great things about pentesting is that it requires understanding of various fields of computer science. Whereas if you specialize in, let’s say, databases or networking, you only need that specific field. So that’s another good thing about puzzle solving using — or in — pentesting.

FalconSpy: I’ll add, in the sense of like, the question is, is this something that you can learn — in terms of being more curious and thinking outside the box — I think as you start to do more machines or you go through academy modules, like you’ll start to understand things a bit better. And then like Zeyad was saying, maybe you’ll think of things a bit differently. Maybe once you’ve established yourself in that field, let’s say it’s just Active Directory, you’ll know it better — like as Zeyad was saying — than the person who set it up, and you can find those things. So I mean, definitely having that curiosity and thinking outside the box, I think that’s something you can start to learn. And once you have this concept of like, oh, this is what I expect to happen, now you can start to think differently — well, what if I did something different? Yeah, you don’t have to be nefarious. Nefarious is just like a negative word. That’s basically like non-ethical hacking. You’re doing things nefariously.

FalconSpy: Very highly upvoted question. What field is AI disrupting the least?

ChadB: Physical pen testing. Maybe in-person social engineering. I’m sorry.

21y4d: No, go ahead.

ChadB: I was going to say, as far as what we do, physical pen testing, on-site social engineering and things that are requiring you to be in-person as opposed to behind the keyboard for sure.

21y4d: I mean, the AI robots, and then we’re screwed.

idna: I was going to say MaltBot has a social network where it tasks humans to do those type of tasks.

FalconSpy: Someone’s going to have Boston Dynamics teach their robots how to lock up and then we’re all screwed.

idna: I thought that was one of the things that like MaltBot actually had done — is like establish a social network where it would put up physical bounties for things it couldn’t do in the real world for someone to go do it for them. I know that was a meme like a month or two ago.

FalconSpy: Yeah, but that’s not like the AI doing it itself. It’s delegating.

ippsec: I mean, if you go that route then it’s still humans delegating the AI to build software. Why can’t AIs delegate to humans and call it an AI task?

FalconSpy: Touché. Okay. Okay. I don’t have an argument against that.

ChadB: When the AIs are actively telling us what to do, we’re probably in a really bad place. It sounds like we might be there.

ippsec: I mean, Falcon doesn’t run in a dangerous mode, so constantly the AI is telling him what to do and he’s approving it, so we’re already there.

FalconSpy: Well, it’s not telling me what to do. I sit there and tell it what to do by approving it.

ippsec: That’s what you think. It’s just social engineering you very well to think that.

FalconSpy: No, there’s times where I say no to it.

ippsec: And then does it say something else and get you to say yes eventually?

FalconSpy: I mean, sure, after I’ve readjusted the prompt to tell it what to do and then it’ll be like, how does this look, and then sure I say yes.

ippsec: How do you know that AI just didn’t —

FalconSpy: All right, moving on. After playing a number of CTFs, this person’s become very interested in becoming a challenge author for one of the next CTFs at their university, but they’re confused on how to start and how to go about doing this. How should they go about creating their first challenge? Do we have any tips on how they can start and build their confidence in creating challenges for CTFs?

ippsec: A lot of the challenges on the platform — or part of the challenge — is downloading like a container or something like that in order to prove your exploit locally and then you end up running it on the main thing. So for things like web challenges, there’s a lot of material out there that we provide as part of our challenges that will help you understand what’s going on behind the scenes there. In fact, you need to understand what’s going on behind the scenes in order to solve the challenge. So you could look at taking inspiration from a challenge you really like there and look at creating something similar and then see where you can go from there.

FalconSpy: I would also say — obviously that’s up to the people here in the community — but I would say try reaching out into like the challenges channel, especially if you want to try and create your own CTF challenges or just challenges in general. See, but for the people who have like a purple name, that’s usually either a box creator or a challenge creator. Just say like, hey, is it okay if I DM you and like run some things by you? You might have to click their name to see it, but yeah, it’s usually a purple name. It’s going to be both box creator and challenge creator the same color, so you’ll just have to click the name to see which role they have. See if they’re willing to help you out. Yeah, it’s like Donut Master 123. Although I don’t remember which one — challenge creator, there you go. Up to Donut Master if he wants to answer you though. All right, next question here. This person’s learned networking, web, mobile app, pen testing. They played a lot of CTFs, usually placed in the top five. Also completed our courses like the CAPE, CPTS, CWES, but lately they feel like they don’t know how to improve anymore. What are some things that they can do to learn, or what should they do next? First off, good job.

ChadB: Completing all of that material for sure. I will say this, at my first pen testing job I did have a 16-year-old co-worker who was hired with similar studies. Of course, they were part-time but that person did a lot of work, a lot of good work. But as far as what to do to improve, I’ll leave it to everyone else.

21y4d: I’d say this depends on your goals. Do you want to get more in-depth into that field or do you want to be like a general pen tester? It depends on your field. If you just want to be generic, you can try learning different topics. If there’s a certain field you liked among those, the ones that you’ve already done, then you can try going deeper into that field.

FalconSpy: I realize I read the wrong question — I went way out of order — but whatever, we’ll keep going with it. What do you want to do? What’s your end goal? Do you want to be a red teamer? Do you want to do pen testing? What’s the end goal? Ideally, it’s what you’re looking to do. Obviously, that can change. You can change your career path. It’ll still be within cybersecurity based on what it looks like you’re trying to do, but try to find the niche that interests you the most, at least even right now, and then try to go after things that help you learn that particular field or get more depth into that.

idna: There was nothing in the examples given about defensive stuff — and that’s not to say you haven’t done that — but still, if you haven’t, you could give that a try. And I’m bound to say that, but you could give it a try because first of all you may find it really interesting. It might be something you haven’t done before and it’s a new skill to learn. But if your primary goal is offensive and you haven’t done much defensive, it will help you understand what your forensic footprints are, what might trigger an alert, what might enable you to bypass EDR, or whatever it might be you’re doing there.

FalconSpy: The question I was supposed to read now, and I read the wrong one before — what should someone look to pursue, certification wise, for bug bounty in the cybersecurity field? So like, what should they pursue?

21y4d: So if you are just beginning, start with CJCA and once you complete it you should be able to do CWES. I suppose, I mean, CWES was called CBBH before — bug bounty hunter — and it is web testing with a kind of small focus on bug bounty as well. So yeah, I think this is a good way to start.

FalconSpy: Next one here — this person doesn’t know if there’s any specific academic term for this, but when they go through a path they find themselves constantly re-reviewing what they’ve already done and it slows down their progress. They have their notes, but they still don’t feel comfortable until they’ve re-reviewed everything to try and move forward. Is there anything that someone can do to fix this?

ChadB: I think you’re already doing a good job if you know that you have to go back and do that review. If you want to improve that process, I would say keep doing what you’re doing, or be sure to go through things twice. But if you’re not just pushing forward, if you know that you have to go back and review something, you’re already on the right path. I will say that what I do is I’ll read through something and I’ll turn on my text-to-speech reader and just listen to it the next time before going through it, specifically on Hack the Box Academy. That’s all I would say about that. But if you’re self-aware enough to understand that you have to go back and look at something, absolutely keep doing that. Don’t stop doing that. As far as improving, do you guys have any other ideas?

21y4d: Yeah, what you’re doing is not necessarily wrong. As is the case with building any skill, at the beginning it is a little bit slow. So it’s not about speed, but about building your skills and building your understanding. So it’s definitely okay to go back and review stuff, and as time goes you will find yourself not needing to do this as often because those skills will become just second nature to you and they will become in your muscle memory. So you will have to kind of review other more advanced stuff. So I mean, this process is not inherently broken, so there’s nothing to fix about it.

FalconSpy: Agreed. Which beginner certification is best for learning computer networks? CCNA? Network Plus?

21y4d: I mean, the issue with picking one is that you will kind of have to stick with their approach. For example, if you went into CCNA, I think the first one is CCENT, the entry level one, and then CCNA. They will teach you, the first one maybe just teaches the network topologies and so on, but the second one, CCNA, I think they start going into their own systems and how to use their CLI, and so on. Is it called IOS if I remember correctly? I’m not sure. But yeah, you will learn their functionalities and so on. So if you want to do something else, let’s say at home you want to do something with UniFi or you want to do something in Linux, it will be slightly different. So that’s something to keep in mind. If you just want the foundations, then yeah, CCENT is good.

FalconSpy: Is that one still around?

21y4d: I did CCNA 12 years ago, so my information is not up to date. But from what I remember in 2018 or 2020, they kind of split

ChadB: it into — yeah, they made it to where you could take the two exams or the one. I don’t think CCENT is around. What they did was the higher level certs, now there’s just a lot more of them. And each one, for a CCENT it used to be three exams, you could take three out of five exams. Well, now each one of those exams is an individual cert. And if you add up the right number, then you have the CCENT. But I’d still agree, CCNA still gave you a lot deeper actual network knowledge even though it was vendor specific. Back in — I think mine was — CCNA was the networking OSCP. It was just a thing that was known. Oh, you passed that exam. I know the exam has changed a lot since then but that used to be the top. At the very least, maybe Network Plus. I have not taken Network Plus, so I would still lean on — I would still suggest maybe CCNA.

FalconSpy: All right, next question is an upvoted one. So other than the foundational IT support desk roles, what are other avenues to break into a full-time defensive or offensive position? I see people in my area, location wise, focus on DevOps, infrastructure, or positions similar to sysadmin prior to these cybersecurity roles. What would an ideal path look like for landing a pen testing job given prior experience in networking and software?

ChadB: If you have the knowledge and you’re trying to get into it, aside from being here and doing things like Hack the Box, I would say start talking to people.

FalconSpy: That would be my suggestion. I’ll say it I guess. Usually ippsec likes to say — helping with, yeah, like Chad says, networking. Usually networking is very helpful, especially if you can network with people who will hopefully refer you and HR will send you a request for an interview. As ippsec will usually say, typically if people recommend or refer and the company ignores those referrals, people will stop referring, which doesn’t look good for the company because then people don’t want to recommend people to work there. But also, getting someone to refer you usually helps you bypass any of those HR filters that you’ll deal with if you were to cold apply to these positions. You’ll get past the AI filtering, any other filtering. So even if things don’t work out, you’ll at least hopefully probably land some type of interview, then go from there.

ChadB: I’d say the cybersecurity jobs, to include this one, I just knew someone there. Just straight applying for a job from their careers page — literally never gotten a human to reply to that while I was looking for work. While I was job hunting to the point that I got this one, every interview I’ve had was aided by the referral of someone I knew. I don’t know that it happens any other way, actually. And I will also add — you’re already on Discord, join some servers, start talking to people, jump into the community for sure.

idna: Something that happened to me before was I was at a local conference and there was a CTF being run by a local company — but they were a pen testing company — and it was basically an entry point. They would then follow up with everyone that entered the CTF, or certainly that did well in the CTF, and say, are you interested in doing some work with us? So you could look for things like that as well if there’s anything in your local area. This company — this was one of the big four consulting firms — they probably do this a lot. That’s not localized to me. You could look for things like that, look for ways in in that way, and then they can reach out to you if you do well in them.

ChadB: So the last thing I would say is — be helpful, right? Like, asking questions… if everyone on this panel just helped answer a question for me, I would say yeah, I would absolutely recommend FalconSpy for a job for sure. He helped me out. Let’s go. I’m trying not to drop into a conversation about Ryan, but be helpful and active in the community instead of just joining the community for sure.

FalconSpy: On the other side of things, right, if there are questions you have — I mean, like, maybe it’s a little daunting to ask them, but like, probably everybody in this field at some point or another asked that same question. And even if you think it’s stupid, and maybe it is, ask it anyway, and then hopefully someone will answer it properly and not make you feel inferior for asking it. But like, you know, we hope that at least our community that we have here on Hack the Box will help you learn and no one will talk down to you for asking your question, even if you think it is stupid — or it is stupid. Also find other communities that will also help answer those questions. Chad, I know you’re — go for it.

ChadB: I literally built — I try not to say it too much here — I literally built my Discord server to include the title based off of what you just said. When I first started joining Discord servers and finding people that were streaming on YouTube and Twitch and then joining servers and saying, hey, what does this MF flag do — the first couple, I won’t mention them of course, the first couple servers I joined were like, oh, you get out of here, you stupid new guy. And I just literally created another place where you get kicked out for doing that. And interestingly enough, knowing that on the way in, that almost never happens right. But yeah, absolutely, there are no stupid questions, unless I’m the one that’s asking them — everyone else is good. So just trust that you’re never alone with that question.

FalconSpy: People who had the same stupid question and didn’t want to be the sacrificial lamb — so like, be the sacrificial lamb.

ChadB: I’m going to use that. Absolutely, I’m going to use that later. Thank you.

FalconSpy: This is an upvoted question. Just a bit of timekeeping before I go to the next question — we have about 15 minutes left, we’ll try to get through as many of the remaining questions as we can. This person understands networking concepts but sometimes feels these can be obscure. For example, they understand TCP/IP protocols, but the computers have to do something at bare metal. How do they first make sure… I don’t know, I think they’re just trying to understand like how a computer realizes it’s supposed to do what it’s supposed to do. Like how does it know it’s receiving power — that’s like the base example they’re using. Like how does a computer know it receives power in order to do something more?

idna: At some point you just have to accept things work. You’re free to always dig into those concepts, that would be more like a hardware type of thing and going into actual electrical engineering. But at the same time, many people that use Python don’t understand C — many people are productive. And that’s kind of the concept around vibe coding now. Now I can talk to Claude or Cortex or whatever it is and get a program out. Doesn’t mean the program is going to be good — that’s debatable right now. But at the end of the day, if you always go farther into the weeds, then you probably won’t become productive because people created tools in order to prevent you from having to know all that prerequisite knowledge. So there is an art to knowing when to stop going up one level or down one level. Hopefully you get the point.

ChadB: Analysis paralysis. Or if it’s just something you’re interested in, dig into that one thing and then yeah, pull yourself back out and get back to the command line or the terminal or the higher level where you’re actively being productive again for sure.

idna: Yeah, like I like to learn all those things just as funny side projects. Like I remember years ago when Arduino first came out — or when I first started seeing about Arduino — I was like, huh, this is cool, and then I Googled fun projects and I was like, oh you can like make your own breathalyzer. That’s not really that accurate but it’s a good way to like play with electronics and understand it. I want to say there’s like a monthly hacker subscription box geared towards kids — I forget what it is. I’m sure if you Google like hacker box or something you’ll find it. Even though it’s geared towards kids, like we have very limited knowledge in that aspect — go for it. It’s a lot of fun.

ChadB: I think that might be it. I’ve seen those.

FalconSpy: I had to make myself not order those.

idna: I think it’s hacker boxes.

FalconSpy: Yeah, that’s exactly what it is.

ChadB: I should not be on this website, okay, but —

idna: Another one like I did a long time ago was they had a build-it-yourself Enigma machine. Is that practical? No. But like it was fun to play and like I learned a lot about hardware under the hood. So like it’s fun to learn that as a hobby, does it benefit me? Not really. Is it a fun thing to kill some time? Yeah.

FalconSpy: Do you know Enigma and how to crack it better now?

idna: I did at one point.

FalconSpy: Okay, well there you go, you learned multiple things. All right, our next question is an upvoted question. This person’s new to the field. What are some pieces of advice that we can give to someone new to the field? Despite AI being available, they’re afraid that their skill advancement would be slower than the AI development.

idna: I think the only way you lose in this situation is if you let fear slow you down. Like in a way, if I’m delaying learning, that is really just procrastination in disguise. Before AI it was like we have a hundred different resources to learn. If I keep trying to find the most optimal path to learn, I’m really not learning anything because I’m just wasting days — and it doesn’t feel like I’m wasting days because I have a plan to eventually learn. I kind of think AI is kind of the same way where you’re like, I don’t want to do this learning because eventually AI is going to replace it — when, maybe, maybe not, you never know. I’d say you’re going to be in a much better position if you learned anyways. I always fall back to, like, if I’m vibe coding AI — to me, learning isn’t obsolete yet.

FalconSpy: All right, moving on. Can an individual do the CPTS in three days if they have nothing else that they’re doing, just sleep and go back to it? No, no. Can you — you know, life — the CPTS exam.

idna: Can you pass the exam? Maybe. The path in three days? I guess — can you do all the prereqs to get to the CPTS exam in three days? I’m gonna say no. Maybe Zeyad to correct me, but I’m firm on no.

21y4d: Yeah, I’d say no. Even if it is just the exam, I mean realistically speaking, you will have to do a lot of recon and you’ll have to go through some rabbit holes and you have to kind of pick and choose and it is a big exam. So doing it in three days — it’s not impossible but it is very difficult. Obviously if you include the path, it is impossible — the path itself takes a lot of time. But yeah, just for the exam it is not reasonable. I wouldn’t say — I mean if you are a super skilled person then maybe, but it is not usually the case based on the average.

FalconSpy: What’s the fastest you’ve actually seen someone complete the path, academic wise, and then do the actual exam and complete it? Is that a metric you’ve collected at all?

21y4d: No, but we can detect people who cheat that way. Some people obviously get the answers or they cheat somehow. So this is one of the many methods we find people who are cheating.

ChadB: I do know that there’s at least one person that completed the path in 30 days. And this person was kind of in an isolation type position — they were overseas in a barracks, and I think as a matter of fact he did it using his phone as a hotspot and there was literally nothing else to do. So he sat in a corner, literally on the floor with his laptop, and he grinded the path. This person was also very knowledgeable beforehand as well though.

21y4d: Yeah, I mean 30 days if you are dedicated is reasonable. What I meant is if you find someone who completed the path in one day and then the exam in two hours, then this is obviously cheating. Sometimes it is a little bit more, but I mean, still — we can tell. We have so many vectors, we will not just say somebody cheated because we suspected them. We have so many things that must fall into place and we would know for sure that somebody is cheating. I mean, in general, it is not worth cheating. You are only cheating yourself out of knowledge. You are paying this money to learn, so I mean, what’s the benefit if you just cheat your way through it?

FalconSpy: All right, next one’s an upvoted question. In a field that evolves as fast as cybersecurity, what do you think contributes most to burnout? Is it the sheer volume of things to learn, the pressure to stay current, or something else entirely? I would say for me —

idna: Cool stuff going on that I feel like I need to get involved with and have a look at and learn it, and I barely scratch the surface on any of it because every day there’s a new thing. And that’s quite enjoyable but it is also quite overwhelming at times.

FalconSpy: Report deadlines. Other than that, this is a great job. I think it depends on what your role is or what you’re doing. I mean, if you’re sitting there answering tickets day in and day out — and maybe you’d enjoy that, you know — but for some, answering tickets day in day out gets kind of old and stale. But I think it was — is it what you said earlier, ippsec, or maybe it was Chad, I can’t recall — take new tickets that you’re not used to doing and make it fun and interesting. Take something new.

ChadB: That was ippsec. I said lo-fi.

FalconSpy: Okay, ippsec. I just didn’t want to quote the wrong person. And then on the other side, right, like I used to be a pen tester and I would do my assessment for three weeks, take a week to write the report, do their report readout, meet with the service team, go over the findings, help them remediate, and then I would immediately jump back into another engagement. So like if you don’t have any downtime between certain things — like if you’re a pen tester and you don’t have any downtime between engagements — you might start to experience some burnout. It really all just depends on what you’re doing. Anyone else? All right. I have an upvoted question here. Can or should someone skip the CPTS exam and go straight for the CAPE certification if they only want to focus on Active Directory and nothing related to web?

21y4d: You can, but you have to do the prerequisite modules that are mentioned in each of the CAPE modules. Many of those are in CPTS — for example, introduction to Active Directory and so on. I think there are at least five modules or I don’t remember the exact number, but not just about Active Directory. There are certain things you need to know for you to be able to do CAPE. That’s why we mentioned it is highly recommended for you to do CPTS, because you will end up doing most of it anyway. But I mean, technically you can, as long as you understand those topics and you complete those modules, you should have the necessary knowledge to be able to complete CAPE.

FalconSpy: A lot of upvoted questions. All right, another voted question — up to you if you want to answer this. Are there any plans on expanding WordPress modules?

21y4d: I was actually thinking about this a few weeks ago. Is WordPress really a thing with all the AI coding and so on? I’m not sure.

idna: Just because it’s WordPress doesn’t mean it’s not a valid attack. I think WordPress in that module is kind of like clickbait to get people interested in it, but I think those attacks still translate to other things.

21y4d: Yeah, no, I meant are people still using WordPress? I mean, they can just vibe code their own websites now.

FalconSpy: Pages nowadays, outside of like, if it’s not WordPress for a free thing, it’s GitHub Pages.

idna: Most techie people, but a lot of people don’t want a WordPress — a lot of people that want a WordPress site aren’t necessarily people that know how to create a website or anything like that. They just want something fast and simple, which is why it’s so successful, which is why it’s so often attacked.

FalconSpy: All right, another upvoted question. Will pentester’s future be similar to software developers managing and orchestrating agents and then reviewing their output? I think you guys have all said it before.

ChadB: Know how to use and employ AI. As long as you don’t think it’ll completely replace you — I don’t think it’ll replace me. I would just have a firm knowledge of it, know how to be able to do those things for sure. And also know how to not depend on them if they aren’t available.

FalconSpy: All good. I don’t have anything to add. We’ll move on. I think we have enough time for like two questions left depending on how these are. What is the most obscure enterprise software which you had to deal with? I imagine anything that’s super obscure would be proprietary to any specific companies and people can’t share that. I agree with that — everything I could think of I certainly can’t talk about. Same. All right, this will probably be the last one and it’s not voted. What are some good books for networking that you would recommend from beginner to advanced?

FalconSpy: Networking for Dummies? I don’t know. I got nothing on that.

ChadB: I think probably Networking for Dummies. It is very old but I’m fairly certain I have one.

FalconSpy: Honestly, insert asterisk — for dummies — any of those books are probably an amazing place to start. As maybe condescending as the titles of those books are, like they are all very well written and will hopefully teach you the concepts that you want. So I think any book for dummies is probably a good place to start. I know we talked about the CCNA, so you know, if you really want networking, obviously CCNA will probably get you more towards the middle of the pack — intermediate and advanced. There’s always, you know, there’s books on how to use nmap, it’s very dry — I have it — but it’s written by the creator of nmap. There’s many different books on networking. I’ll take the silence from everyone that they have nothing to add. All right, well that wraps up this week’s Cube Talk. If you’re interested in future Cube Talks, you could take a look at the top of Discord at the event section. You’ll see when these are live in your local time zone. They’re every Friday unless stated otherwise. You can say you’re interested and you’ll see an alert when these do go live. You can also see when we have other events going on here in Discord. These are recorded — this will be uploaded later to Spotify. And we will have these eventually uploaded to YouTube. I am working with Jexx, who was on last week, and someone else who is not here on the panel, to make that happen. So they’ll be up on YouTube. Thank you everyone, and for those who want to hang out for the after party, I am available. It’s an unofficial after party and we’ll just answer as many questions as we can, no bot. And yeah, we’ll see you all next week. Take care.

FalconSpy: Thanks.

This post is licensed under CC BY 4.0 by the author.