Show Notes
John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with his YouTube channel, his passion for showcasing authentic and accessible educational materials online, and his advice for creating content safely and spreading awareness with not only a red team or blue team mindset, but with a purple team perspective.
Timecode Guide:
[01:37] Understanding the impact of content creators in the cybersecurity community, especially when it comes to YouTube educational content
[06:58] Becoming a successful YouTube creator through consistently posting hacking content and ignoring the stereotype of “overnight success”
[13:28] Combining his role as a cybersecurity educator with his security research at Huntress to explore exploits and have real life experience with what he teaches
[16:47] Focusing on the blue side of the house as someone with red team experience, and understanding how to use a tool like PlexTrac to create a collaborative purple team
[21:13] Being mindful of the impact he has through sharing this knowledge and understanding the risk of cybersecurity educational materials falling into “the wrong hands”
Sponsor Links:
Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalleyPlexTrac is pleased to offer an exclusive Red Team Content Bundle for Hacker Valley listeners. This bundle contains both our "Writing a Killer Penetration Test Report" and "Effective Purple Teaming" white papers in ONE awesome package. Head to PlexTrac.com/HackerValley to learn more about the platform and get your copy today!
What is your origin story for wanting to educate other hackers?
Like many of us, John started his journey Googling how to become a hacker. As he gained more knowledge about the specific skills involved in hacking, John never left the internet behind, always seeking out videos and articles explaining new and emerging content. Inspired by those who created that content in the first place, he started his own YouTube channel, simply titled John Hammond, as has spent years cultivating a consistent hacker audience.
“Along the way, creating content and helping educate others through YouTube is really my main stage platform and has been just a passion project, a labor of love, and something fun along the way.”
What feelings do you get looking back on the YouTube content you’ve created so far?
John prioritizes clarity, transparency, and honesty in what he does, and he’s not afraid to show some humbleness, too. Overall, John is thankful for his YouTube success and the impact it had on the cybersecurity community. No matter what he’s showing in his videos, he prefers to keep things honest, to show where he’s made mistakes, and to accept criticism and advice from other hackers and offensive cybersecurity professionals that see his work.
“I'm showcasing just my computer screen, maybe you get a little face cam and a circle on the bottom right, but it's like you're looking over my shoulder. You're seeing me showcase something raw, live, genuine, and authentic…It’s not all sexy, there’s a lot of failure in hacking.”
Have you ever considered focusing on the blue team or the defensive side of cybersecurity?
The majority of John's YouTube content and the work he does in his role at Huntress Labs heavily involves the red team and offensive side of cyber. However, John is a huge advocate for the blue team and the red team collaborating and communicating better. Through making more concepts in cybersecurity accessible through educational content like John’s own videos, he hopes we can continue to bridge the gap and achieve that perfectly mixed purple team.
“We're all playing in concert. As one team sharpens their skills in the red team pen test, then it's up to the blue team to figure that out. What did they do? How can we better detect it? How can we stop and mitigate that security threat?”
What advice do you have for red team content creators that want to share content and spread awareness safely?
With the impact that he’s had and the content he’s put out onto the internet, John is no stranger to seeing the negative side of cybersecurity knowledge being more accessible than ever before.
Still, he wants to make sure content creators understand the value of transparency and honesty in what they do. Instead of fearing what could be, cultivate a community around making this level of knowledge and security available to everyone.
“Share, be transparent, be forthcoming. I know there are a lot of conversations about gatekeeping in cybersecurity, but there shouldn't be that. I understand there's grit and determination and hard work to do all the things that you're doing, but be friendly and be transparent and honest.”
----------
Links:
Check out our guest, John Hammond, on YouTube and LinkedIn.
Keep up with Hacker Valley on our website, LinkedIn, Instagram, and Twitter.
Follow Ron Eddings on Twitter and LinkedIn.
Catch up with Chris Cochran on Twitter and LinkedIn.
Continue the conversation by joining our Discord.
Recent Episodes
The Year of the Agent: AI, Bug Bounties, and Cybersecurity ...
How will AI redefine cybersecurity in 2025? According to Marco Figueroa, Program Manager for Gen AI at the ODIN Bug Bounty Program, this year is set to be the "Year of the Agent," where AI ...
Understanding the Psychology of Cyber Risk with David Shipley
Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and ...
From Landscaping to Cyber Leadership with Cole Lisko
How does a scorching July day in a van with no air conditioning lead to a career at one of the world’s top cybersecurity companies? In this episode, Cole Lisko shares his journey from ...
Think Like a Hacker, Solve Like a Leader featuring Ted Harrington
What if the key to innovation is breaking the rules? Ted Harrington, Executive Partner at Independent Security Evaluators and a pioneering ethical hacker, explores the power of commitment, ...
Hacking Trust with AI and Deepfakes featuring Iain Jackson
What happens when cutting-edge AI meets the art of deception? In this episode, Iain Jackson, Academy Hive Leader at CovertSwarm, takes us through the uncanny potential and risks of synthetic ...
Championing the Human in Cybersecurity with Julie Haney
What happens when cybersecurity puts people first? Julie Haney, Human-Centered Cybersecurity Program Lead at NIST, shares how designing security with humans at the center leads to greater ...
Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid ...
Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they’re sharing firsthand how ...
Transforming SOC Operations with AI featuring Roy Halevi
Cybersecurity is evolving fast, and AI is at the center. Roy Halevi, Co-Founder and CTO of Intezer, explains how AI automates SOC operations, improving speed and accuracy while freeing up teams ...
From Shadow IT to Full Asset Visibility with Wes Wright
Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take ...
Building Opportunities for Women and Minorities in Cybersecurity ...
How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon.