May 13, 2022
by Hacker Valley Red
In this season of Hacker Valley Red, we focus on cybersecurity legends in offensive operations with a legend in physical pen testing and lockpicking: Deviant Ollam. As a pioneer in our industry and an author of two incredible books about lockpicking, Deviant shares his history from hobbyist to professional and all that he’s learned along the way. He also discusses making the secrets of the hacking world accessible to all.
Sponsor Links: Thank you to our sponsors Axonius and PlexTrac for bringing this season of HVR to life!
Life is complex. But it’s not about avoiding challenges or fearing failure. Just ask Simone Biles — the greatest gymnast of all time. Want to learn more about how Simone controls complexity? Watch her video at axonius.com/simone
PlexTrac, the Proactive Cybersecurity Management Platform, brings red and blue teams together for better collaboration and communication. Check them out at plextrac.com/hackervalley
What does it mean to be a pioneer in cybersecurity?
As our season focuses on legends, it’s important that we explain what makes these individuals such a vital part of our community. In the case of this episode, we explain that our guest Deviant is nothing short of a pioneer. Deviant has been willing to take on new challenges and revolutionize the industry throughout his career, influencing hundreds of individuals and leaving a lasting educational impact on the entire industry.
“That ‘zero to one’ part can be the hardest part of any progression in any field, but especially in cybersecurity.” — Chris
When you reflect on changing this whole industry, how does that make you feel?
Despite our guest’s legendary reputation, Deviant is humble about his achievements, caring more about how his work has impacted others than himself. What he focuses most on in his teaching, presentations, and writing is making lockpicking and penetration testing accessible and understandable. Instead of harboring secrets and perpetuating exclusionary policies, Deviant wants anyone to be able to master these skills and understand this knowledge.
“I’m not the first one who ever did this. What I like to think of my contributions is that they have chiefly been making it accessible and democratizing this knowledge.” — Deviant
Do you think it's harder today to stand out than it was a couple of decades ago?
For Deviant, our globalized internet and algorithm-focus social media sites are both a blessing and a curse. While knowledge can be found on every corner of the web and anyone can become familiar with the information that was once borderline inaccessible, Deviant also recognizes that younger hackers and lockpickers will have a very different rise to success than he did years ago, especially due to fragmented audiences and tricky algorithms.
“We have more avenues to put yourself on display, to put yourself out there than ever before, but that means the audience is fragmented and is spread so thin.” — Deviant
What piece of advice would you have for the folks that want to make an impact in security and technology and in our community today?
Although success will look different for newer members of our cybersecurity community, Deviant is confident that the younger innovative minds of the future will be able to solve so many of the long-standing problems within our industry. However, he reminds our younger audience that they need to still respect the tenured members of the cybersecurity world and learn from them without oversimplifying the issues past professionals have faced.
“Start thinking about it in a way that doesn’t use ‘just,’ because every old head in the industry has heard that….We couldn’t ‘just’ do it, or we would’ve ‘just’ done it.” - Deviant
Hacking the Vocabulary:
Physical pen-testing — A simulated real-world threat scenario where a malicious actor attempts to compromise a business’s physical barriers to gain access to infrastructure, buildings, systems, and employees.
CVE— Common Vulnerabilities and Exposures (CVE) is a database of publicly disclosed information security issues.
Lockpick Village — A physical security demonstration and participation area where participants can learn about the vulnerabilities of various locking devices, techniques used to exploit these vulnerabilities, and practice on locks of various levels of difficulty.
Additional resources to check out: Robert Morris, the Morris worm, TOOOL, the CORE group, Practical Lock Picking: A Physical Penetration Tester’s Training Guide by Deviant Ollam, Keys to the Kingdom by Deviant Ollam, DEF CON
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
This season of Hacker Valley Red wraps up with another interview of an incredible offensive cybersecurity legend. Known first and foremost for his work founding Metasploit and his recent work co-founding Rumble, HD Moore joins the show this week to t...
We’re joined again by the hacker’s hacker, Tommy DeVoss, aka dawgyg. Bug bounty hunter and reformed black hat, Tommy dives back into a great conversation with us about his journey in hacking and his advice to future red team offensive hackers. We cov...
We’re joined by million-dollar hacker and bug bounty hunter, Thomas DeVoss, this week as we continue our season-long discussion of offensive cybersecurity legends. A legend in the making with a success story in bug bounty hunting that has to be heard...
John Hammond, Senior Security Researcher at Huntress Labs and self-described cybersecurity education enthusiast, joins us as we continue our discussion of red team legends. With a focus on content creation this week, John discusses his success with h...
We’re joined by sponsor and guest Dan DeCloss, CEO and Founder of PlexTrac, on the podcast today to talk about communication and collaboration between the red and blue side of cybersecurity and why security success depends on those two sides working ...
We’re breaking down the concept of difference makers this week and we couldn’t help but call upon Mari Galloway, CEO of the Women’s Society of Cyberjutsu, to be our guest during this conversation. As a black woman in cybersecurity who has dedicated a...
Those on the red team may not be household names to the everyday person, but they are absolute legends and icons in the world of cybersecurity and hacking. While we have our personal favorite hackers between the two of us, we also invite our guest, D...
In this season of Hacker Valley Red, we focus on cybersecurity legends in offensive operations with a legend in physical pen testing and lockpicking: Deviant Ollam. As a pioneer in our industry and an author of two incredible books about lockpicking,...
In this special mini series of Hacker Valley Red, hosts Ron and Chris are joined by the Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, to review and highlight elements shared in CrowdStrike’s 2022 Global Threat Report. In the fin...
In this special mini series of Hacker Valley Red, hosts Ron and Chris are joined by the Senior Vice President of Intelligence at CrowdStrike, Adam Meyers, to review and highlight elements shared in CrowdStrike’s 2022 Global Threat Report. In episode...