Hack Your Way to Achievement: One Small Step at a Time Artwork

Security Unfiltered

Cyber Security can be a difficult field to not only understand but to also navigate. Joe South is here to help with over a decade of experience across several domains of security. With this podcast I hope to help more people get into IT and Cyber Security as well as discussing modern day Cyber Security topics you may find in the daily news. Come join us as we learn and grow together!

All Episodes

Security Unfiltered

Hack Your Way to Achievement: One Small Step at a Time

September 15, 2025 • Joe South • Episode 203

Send us a text

Ted Harrington shares insights about achieving difficult goals through disciplined habits rather than relying on fleeting inspiration. He explains how the hacker mindset—being curious, non-conforming, committed, and creative—can help anyone overcome challenges and find overlooked opportunities.

• Breaking big goals into smaller, manageable pieces makes difficult tasks achievable
• Inspiration only gets you started; habits and consistency are what help you finish
• The four traits of the hacker mindset: curiosity, non-conformity, commitment, and creativity
• Focus on genuinely helping others rather than self-promotion in professional interactions
• Applying the hacker mindset can reveal opportunities others miss in any field
• AI is changing both attack and defense strategies in cybersecurity, but fundamental principles remain the same

Check out Ted's new book "Inner Hacker" to learn how to apply the hacker mindset to achieve your own goals and find hidden opportunities in your life.

Support the show

Follow the Podcast on Social Media!

Tesla Referral Code: https://ts.la/joseph675128

YouTube: https://www.youtube.com/@securityunfilteredpodcast

Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast

Speaker 1: 0:53

How's it going, ted? It's great to get you on the podcast. It's been a couple of years. I don't know if I even had kids when we last talked. I always judge it by that because it's like man, how long ago was that? How much of my life has changed since I last talked to someone?

Speaker 2: 1:11

I like that. Well, yeah, big changes for you. So I'm excited to be back and to chat with you again. Good to see you.

Speaker 1: 1:21

Yeah, absolutely, I mean you, you know, you've you've definitely been hitting the speaking circuit a bit. You got a new book coming out. I mean, how do you do it? You know, you're, you're, you seem like you're just endlessly busy.

Speaker 2: 1:29

It is a lot. I was just thinking about that today, this morning, about how it's like I just started I was feeling a little like stressed about some of the things that are going on right now and I started just rattling off the things I actively have going on right now and I realized like I think it's okay to feel a little stressed when there's there's this much going on, but I don't know, I just like I find it to be really, really inspiring and invigorating to have a bunch of different things going on and like pushing multiple different boulders up the hill at the same time, and I really liked that. I mean, obviously, you know crosses an inflection point sometimes where you got to pull back a little bit and do some self-care. But I just I think the short answer is I like it, I just like working on a lot of cool things at the same time.

Speaker 1: 2:11

Yeah, that is. I really relate to that. I find myself in that same situation no-transcript, first house, having our first kid, oh, and I'm starting my PhD all at the same time, right, like in doing a podcast and a nine to five, you know it's. It's like how many more things can I put on top? You know, before, before, like I crumble, right, so I'm trying to do a bit better of a job about that. You know, like trying to stay on top of getting some exercise in daily and, you know, cutting off, cutting off the projects after, like November, you know, and picking them back up in like February, you know, trying to just figure out what works best, to work most optimally, I guess.

Speaker 2: 3:15

Yeah, I mean, I think really what we're talking about here, it's kind of interesting. I think it will relate to some of the themes we might discuss later throughout the episode and I don't think we set out to start with this discussion but it's really interesting talking about these ideas of tenacity and like persistence and resilience and how do you accomplish big and difficult and meaningful things. One of the things I think is really interesting is a lot of people who haven't say, written a book, like people ask me that all the time. Like, what's it like to write a book? Tell me about the process, what was inspiration? What got you started on that stuff? And it's really interesting because that is a good question to ask, a good series of questions to ask, and I do think it's the right way of like for a non-author to be thinking about well, what does this journey mean?

Speaker 2: 4:00

But there's this really glaring element to the question that stands out to me as people ask that, which is it's all about inspiration, right, like what inspired you to write this? What was the moment you knew you need to write it? And that is true. You have this moment of inspiration, maybe, where the idea comes to you, and the same for entrepreneurship, the same for creating anything that didn't exist before. You have this moment where you're like I can do this thing, or this thing needs to be done, or maybe there's the inspiration, that or the moment. That's not inspiration, but it's like the commitment. I've been kicking around this book idea for a while. I've been kicking around starting this company for a while. I've been kicking around making this change in my life for a while. Now I'm gonna do it.

Speaker 2: 4:37

But what's overlooked in all those is that the inspiration and that moment of commitment. Those only get you started and they barely get you started. They are what get you off the sideline and into the game and what it takes to complete the effort, to finish the race, if you will, is that's habits. So when you set out to do something big you want to start a company, start a podcast, like you're talking about, you want to build a house, buy a house, invest in real estate, like whatever the things are if you want to do, it's like you got to build these habits of being able to consistently, over a long period of time including when it's boring or tiring or you're burnt out being able to contribute to those efforts. That tenacity, that's the hacker mindset in so many ways Like that's what hackers do is they're just, they're persistent, but that's what it takes. It's not about inspiration. It's about discipline, habit building and consistency over a period of time.

Speaker 1: 5:31

Yeah, that's very true. That's very accurate too. You know, and I was talking to a friend of mine who I've known for many years at this point and he was trying to get into cybersecurity or is still trying to get into cybersecurity. He's really just at the beginning of his journey with that and he was complaining about, you know, he can't focus, can't like stay engaged in, you know, the material all the time that he needs to and whatnot. He's very inefficient essentially with his, with his study time, right, and I basically broke it down for him exactly like that, like you have to learn how to hack your own mind and you have to play games with your mind and you have to continuously do it.

Speaker 1: 6:08

Like for me, when I'm studying, or when I'm writing my PhD, my dissertation, you know like I have music playing in the background, right, because it needs to like occupy that part of my brain that won't be quiet so I can focus on writing, you know. And like I even like take it back to like when I was training for marathons, right, like I'm out there, I'm not the fastest runner, so it takes me forever to complete like 20 miles, you know, it just takes me an embarrassing amount of time and the only way that I can do it to like run for long distances like that, because I'll get bored, my mind will get bored and I'll talk myself out of it. Like, why am I running this far? Why am I running this long? This is stupid. You're tired, your feet hurt, your legs hurt. You should just stop. You're gonna pay for this tomorrow, all that sort of stuff.

Speaker 1: 6:53

Right, I actually count backwards, like I started looking at my watch. I'm like, okay, right, I actually count backwards, like I started looking at my watch. I'm like, okay, this many steps equal to this 0.01 of a mile, and I got this left to go, and you know all that sort of stuff. So then, that's how many steps? Like all these games. Right, there's no reason for me to think about any of that stuff, but I have to find a way to preoccupy my mind to reach that goal. Like that's the only way that I can do it.

Speaker 2: 7:18

Yeah, you know what you're doing when you describe, that is, you are preoccupying your mind for sure. You've figured out the way you think and how can you optimize your habits or your process around that. So that's phenomenal self-awareness. There's an element to what you're describing which is, I think, really key to achieving anything difficult, which is break it into smaller pieces. Right, so you don't run 26.2 miles in one step, you run it in like whatever, that is, like 30,000 steps or something. And so, looking at it, like you know, not even how do I get to the half mile mark, half marathon marker. It's like let's get to mile one, Great 25 to go, and then it's. You know, I'm, you know, inserting the framework on the way you described it, but breaking it down into its small things. All right, I don't have to run 25 more miles, I have to run one more mile and then I'll check in with those. Maybe I'll have a water, then maybe I'll give myself some sort of like you know, positive reinforcement or something.

Speaker 2: 8:15

Yeah, breaking big goal into its sub components is the way to do anything that's hard, like writing a book, as an example, as something similar, where by the time you're done writing a book, you've gone through that manuscript like I actually don't know exactly the number of times, but I would say probably like 2030 times at least. You've gone through every single word, the whole thing, and then done it over again and each one of those you feel like I'm almost done. I'm like you know, I got one more chapter to go and. But if you thought about it as like, and then I have like two dozen more of this, you you probably wouldn't do it. But if you could just look at the thing that's just on the horizon in front of you, like I just got to get part one finished today or part one finished this week or whatever, that's week or whatever.

Speaker 1: 9:02

That's way more achievable and it's not as daunting and you just build a habit, you do that over time and that produces really big outcomes. Yeah, yeah, I mean, it makes a lot of sense. That's the same mentality that, like, the special forces use when they're going through their training, right, like I don't know if you've ever like looked into that or anything I definitely have, but you know they always say, like if you want to quit, cool, quit tomorrow. Don't quit right now. Like don't quit in the moment. Go go back to your bunk, think about it when you wake up. If you still want to quit, you know, get through the warm, we'll see.

Speaker 1: 9:24

If you still want to quit, then you know, like all that sort of stuff, and you know even even like when I was doing wrestling, like our coach told us he's like this is going to be the hardest thing that you've ever done. Right right off the bat we bat. We all thought that he was joking and, of course, like it was absolutely the hardest thing that we ever did physically. And you know he even told us he's like, just make it to the next drill. There's, there's new drills every five minutes. Make it to the next, next one. You know and reassess, right, like, don't quit right now, don't quit in the moment, and that's. I think that's the thing that a lot of people get caught up in, right, it gets too difficult. You don't know what the next step is, you can't see it, you can't see the finish line and it kind of overwhelms you and you just quit, you walk away from it. It's like, oh, I can't do it, but there's millions of other people that wrote books you know.

Speaker 2: 10:10

So, like you can do it no-transcript wand and like poof, you know they're in. And it doesn't quite work that way. I mean some, in some cases it does. Systems are so badly built that it's like literally a couple keystrokes.

Speaker 2: 10:55

But uh, for the part it's just, it's probing and pushing and trying different things and hitting dead ends and chasing red herrings, and you just do it over and over and over and over and over again and eventually you find that thing that may not itself yet be the exploitable vulnerability, but it leads you to the next thing and every hacker that I ever talked to about like what do they love about this? They talk about some version of that, like that dopamine that comes from that. They're like, oh it's, it's almost like a drug, it's like you know, getting closer to and then finally finding that vulnerability. It's like so meaningful and fulfilling and it's the, it's the hard things make the payoff richer. Right, if it was easy to achieve things like, it wouldn't be that meaningful. But because things can be hard, the things that are hard, those things are the really, really rewarding efforts that we can pursue.

Speaker 1: 11:46

Yeah, no, it's like having that mentality of like, well, what if I can do it right? What, what if I can actually accomplish this? You know, I, I, I don't know like, like I started with right, like something's wrong with my brain where if it's too easy or I get too used to something like I have to switch it up and make it really hard. Maybe when I'm done with my research, I'll go the offensive side of security. I've always done the blue team stuff. I've always been on the defensive side, the engineering side, but now I'm starting to get the itch, you know, again to to get into the offensive side. So it's like, all right, let's, let's get this PhD done and then I'll. Then I'll dive into that rabbit hole.

Speaker 2: 12:24

And both sides will make you better, right? So you go the blue route for a little while and then you do the red route red route for a while. That's going to make you a better blue teamer, and the fact that you've been a blue teamer all along is going to make you better a red teamer, and you keep combining those things. I mean, one of the things that is a really important facet for any aspect of life but let's talk about in the hacking realm right now is the ability to stand and analyze the viewpoint of others Like this is what hackers are so good at this they're able to look at something and think what was the developer thinking when they built this system? Like, what was the engineering process they were going through? Why did they build it that way and when? Being able to put yourself in someone else's shoes, that is how you can then think about okay, well, and then how would I? Maybe? Where are the gaps in that thinking?

Speaker 2: 13:10

Social engineers do this all the time, right? That's why, like a social engineer, if they're trying to get into a building, they might wear a reflective yellow vest, because what does the person on the other side of the table think when they see someone walk in carrying a ladder, wearing a yellow vest. Oh, that person is probably a maintenance person. They're probably supposed to be here. Let me make their life easier. Their hands are full of this ladder and all these tools, and that's why that's so effective, because that social engineer has put themselves in the shoes of the person they're trying to deceive and try to think about in this person's moment, the way they think, the way they do their job.

Speaker 2: 13:42

How are they going to see me? And that is a really, really important thing to do. So what you're talking about this idea of like having pursuing different elements, different angles of really the same profession all that's going to do is make you better, and I think there's a lot of people who feel like, once I switch from one thing to another, now I'm like at the basement again. Now I have no experience, now I'm a novice again, as if that's a bad thing. Being a novice is phenomenal. First of all, that's where curiosity is so abundant. But, yeah, you get this now variety of perspectives, which is just going to make you better at everything else that you do.

Speaker 1: 14:17

Yeah, yeah, that is very true. I feel like there's a stigma still in the industry right, where it's like it's almost difficult for people to switch, even within security itself. You know, like trying to go from blue team to red team and whatnot, like they just don't want to spend the time and the money trying to give you that space to learn and grow into that role. You know they want you to, I guess, like already be the expert, to already be. You know the person in the room that knows and has the answers. How do you get beyond that?

Speaker 2: 14:49

Yeah, that's. That is a tough one, because when you look at a lot of job descriptions today, they're getting better, but a lot of them are just preposterous. Right, they're like you know you need it's an entry-level role and you need 15 years experience and a PhD, and you're like well, which is it? Is it an entry-level role or is it a more? You know what are we talking about here. So the first step is that the people who are hiring these types of roles need to be a little more realistic about what they're looking for. I get the idea of wanting to like find the unicorn. Every company wants that in every role they ever hire. They're like we want this person to excel in these ways and we want to meet our budget requirements in these ways, which probably don't align to that, and it'd be great if they also, as a secondary thing, were elite at this other discipline. That's unrelated to that core job, like a lot of companies. That's the way a lot of job descriptions read, and so I'm not blaming that on any hiring managers, for security in particular, because that's just like a normal thing. But the first step is we need to be more realistic about what we're expecting to get out of people. So that's on the hiring side, on the side of the person who is now themselves trying to get the job.

Speaker 2: 16:00

What I'd recommend let's say, someone listening to this finds himself in that situation and they are applying to an entry-level role, but the entry requirements of the role are not entry-level. They're an entry-level person or maybe it's the role. We see this all the time where it's like this person needs to have, like you know, 20 years of tech leadership and then they also need to, and then they describe like the person who does the hands-on engineering, and it's usually one path or the other. By that point it's not both. So what I recommend for people when you find yourself in that situation is you really can stand out in that interview by helping the person you're interviewing with understand what they're looking for better. So that is arrived at through clarifying and open ended questions. So they're going to sit down and they're going to say some version of okay, tell me about yourself, or whatever. Whatever they open with Doesn't matter. That's your opportunity to start being the investigator and start saying okay.

Speaker 2: 16:57

I noticed in this job description it states X, y or Z. Could you explain to me the reasoning behind this, like what's actually driving that? And just keep asking those open-ended questions. Open-ended questions cannot be answered with yes or no. They require an expansive answer, and when you ask those, you get the other person starting to explain what it is they're really trying to accomplish. Like what's?

Speaker 2: 17:19

You get the other person starting to explain what it is they're really trying to accomplish. What's the problem they're trying to solve? Why are they filling this role? Why are they putting resources towards this?

Speaker 2: 17:24

And then you can help them shift the conversation, if you are in fact suited for it. Like they might describe the whole thing, what they're really after, and you're like oh, it turns out I'm actually I really can't, I'm not good for that, but most likely you're good for at least some of it. And that's where you can reshape it and say okay, here, what I'm describing, you say, is you need blank, and here's my expertise as it pertains to blank. But here's why I think you should think about it in a slightly different way. And there's some risk of that, because the hiring manager might be like I don't want to think about it a different way at all. Who are you to suggest anything like that?

Speaker 2: 18:01

You might have the opposite, though, where the person is now realizing they're thinking about it differently. You have helped them think about it differently. If you're the person who's helping them think about the job differently, you are immediately at the top of the pile. So that's how I would recommend dealing with that complex situation. It's not easy, but I think it's a great way to approach it. I mean, a lot of people want to go into a job saying here's what I'm good at. Hire me for that. And yes, you should have that. But I think it's much more powerful to really truly understand like, will this even work for you? You might find out yeah, I'll excel at this job, but I don't actually want to work in this company, or I don't want to do this job or whatever. It's as much up to the candidate to figure out whether they want to work at that company or not as it is for the company to decide where they want to hire that candidate.

Speaker 1: 18:44

Yeah, interviews definitely need to be both ways, you know, and it's difficult to do that too as a candidate, right, because you always feel like, at least in my shoes, I always feel like I'm like put at a disadvantage, almost. You know, like hiring managers, I feel like some of them will kind of, you know, choreograph the interview in a way that like hides some of the things that would determine or persuade me otherwise of not going there, right, and they just always, very conveniently, you know, leave out things like oh yeah, we actually have no budget, we just want you to just sit here. You know, that sort of thing, which is, you know, for someone like me, it's, it's like gut wrenching, it's like, okay, you know, I made a mistake going to this place, right, that's like the worst, that's the worst feeling, you know, because you're not being challenged at all and you're not allowed to, you know, change anything yourself, which you know.

Speaker 2: 19:38

For me, that's like not who I am no-transcript, and you might be the only player in that game now. But, more importantly, I mean, think about it this way right, let's say someone goes and does like 50 interviews, no-transcript, positive things that eventually do return to you. And like the thing that I always tell our team, like the members of our business development team, for example, whenever they are like, when we're talking about coaching, like how do you talk about what we do to our customers, our prospective customers? And for me, the mantra always comes back to is just help this person. Like every meeting you go into, you're not trying to sell them anything, you're just trying to help them. If you can help this person understand their problem differently, figure out a way maybe they can go solve it, including if that way is to not talk, to not work with us, that's fine too. But if you come from this like and you're genuine about it, you genuinely wanna try to help the person you're talking to, then good things will happen. And I think for a lot of them that's a surprise. They're like aren't people supposed to talk about sales in terms of, like, click rates and open rates, persuasion tactics and stuff, and it's like yeah, I mean I guess there's probably a lot of sales engineering you can do around that, but I just think it's just helps them Like, if you, if you start everything with that ethos, good things will happen and that's, I think, a great way to think about sales, that's a great way to think about selling yourself in terms of getting a role, and that's just a great way to like humans want to treat each other getting a role and that's just a great way like humans want to treat each other.

Speaker 1: 22:30

Yeah, recently fairly recently, you know, last year I went onto the professional services side of security and it's it's great to see that I guess I'm doing the right thing. You know, when I start the conversation off with saying like, hey, tell me what your biggest challenges are, right, I'm not like even selling anything. You know, I give them my background as like a initial intro or whatever, and then I'm just tell me what your issues are and if I can't help you, you know I'll send you somewhere else. Like, I know a lot of people in the industry, I'm sure I can find someone to help you. You know, that always seems to pan out a whole lot better than just trying to sell them a service or a solution or whatever it might be.

Speaker 1: 23:05

And even the most successful salespeople that I've worked with throughout my career they I mean they spend like five minutes at the end of the conversation just being like, oh yeah, like you know, I got this thing over here. If you want it, we can do it, but if not, no worries. You know, like that sort of mentality and having that having that interest right, because it comes down to having a genuine interest in the person in front of you, rather than seeing them as a dollar sign or, you know, making some sort of money off of them or whatever. You're just here to help them and when you're genuinely there to just help, you know, I think it comes off a whole lot, whole lot better, a whole lot different, and it works out better for everyone.

Speaker 2: 23:43

I mean people want to work with, do business with, partner with, et cetera. People they like I'm in the process right now of interviewing for a new tax strategist. I mean talk about a snooze of a profession to be interviewing people about, right, and I've narrowed it down to maybe three or four. They all seem very, very capable. They all know the tax code better than I do. So then it's like, okay, well then, what you know, and now I'm realizing, like of these three or four, all roughly equally qualified, fees vary, but it's not like you know orders of magnitude and variation.

Speaker 2: 24:19

It comes down to like the guy that I like talking to, like the guy who understands my business, who was asking clarifying questions, who's like curious, not just about like the numbers but about oh, why do you make, why'd you make that particular business decision, what's driving next, et cetera. It's like that's the guy I want to do business with, cause he's like he's interested and he's engaged and I like him. I think just I know it's maybe not as actionable of advice like be likable to other people, but being likable starts with wanting to help other people. Like if you genuinely care about other people and helping them, you can overcome any interpersonal conversational deficiencies that you might have if you just want to help other people.

Speaker 1: 25:02

Yeah, that's a great point. So you know, tell me about your book that's coming out. I think I'm registered to find out when it goes live. But tell me, tell me what this new book is.

Speaker 2: 25:12

Yeah, the new book is called Inner Hacker and the concept of it is for a general audience, so I wrote this for everyone, not just security professionals. I want people to be able to think like a hacker, and what I do in this book is I've first, of course, explore what that means Like. What does it mean to think like a hacker, what are hackers? And then examine well what happens when you do think like a hacker. So what happens when you think like a hacker is it helps you think independently, it helps you think differently about the situation. Whatever the situation is Maybe it's starting a company, getting a job, getting promoted, starting a charity, changing your career, whatever If you apply the hacker mindset, you could think about that situation differently. And when you think about it differently, that reveals these overlooked opportunities, these things that other people have missed, and that's what makes hackers successful when it comes to finding exploitable security vulnerabilities in, say, software systems. But that's a mindset, right. That's not about technical skills. That's about how you think about something.

Speaker 2: 26:11

And so in this book I analyze, I, through storytelling, explore well, what does that mean, what are the different elements to how a hacker thinks, and then, most importantly, how can someone apply it Like it's one thing to be like you should think like a hacker and people are like, okay, that sounds interesting, now what? And so this book is sort of the now what. So I mean, obviously there's the convince. I'm trying to convince why you should do this, and then I, it's very actionable in terms of teaching people how to do that. I mean, I get to spend every day around hackers. Hackers are my friends. I go on vacation with hackers and I just I think the hacker mindset is a superpower and what I'm trying to do with this book is to teach that superpower to everyone who is interested in a new way of thinking.

Speaker 1: 26:51

Yeah, it seems like everyone has that to some extent or they have. You know, that need right Because, like, just going back to like kind of how we started the conversation, where you have to find a way to hack your own mind to get yourself through the roadblocks that you encounter. You know, like when I was, when I was starting my dissertation, I was having huge writer's block, you know, and my chair literally had to break it down. He's like just give me a paragraph. You know, give me four sentences. Can you give me four sentences? You know, like on this first little intro, just talk about yourself for four sentences.

Speaker 1: 27:28

Oh, okay, I can do that. It's like, okay Now, like talk about this, this topic. What's the first part of it? You know, like what? Why does it matter? You know, and once, once, I was able to like kind of hack my own mindset. Now I'm a hundred pages in and I'm not close to being done, unfortunately, but you know, like it got me there, it got me through it and now I'm able to work my way through, you know, those problems that I was encountering. I love that.

Speaker 2: 27:53

Yeah, it's interesting because some of the things we talk about at the top of the show are directly reflected in this book, like the idea of like doing one more thing, how to build habits, how to basically be more tenacious, cause that's, that's one of the key elements I mean I've I've had through the course of interviewing and writing this book, and I gave a Ted talk called why you need to think like a hacker and sort of so, working on that, all these things they helped me like distill down what does it actually mean to think like a hacker? It's a pretty cool process. I got to go reach out to hackers that I respect and admire and ask them that question what does that mean to you? And I basically distilled it down to these four traits that hackers are they're curious, they are non-conforming, they're committed and they're creative. So those the four Cs, as I think about them, hackers are curious, their hackers are inquisitive, they want to understand how things work, why it works that way, all that stuff.

Speaker 2: 28:49

The second is that hackers are committed or, sorry, are non-conforming, meaning that they're not willing to follow along where the herd is going just because the herd is going there. They want to think independently and say well, I know I should do X, but what if I did Y? So that's non-conformity. And then hackers are committed, which is to say that hackers are willing to invest the time, the effort, the love, the passion, the person power, whatever the resources may be required, to pursue their targets. And then, finally, hackers are creative, meaning that hackers come up with these really elegant and beautiful and innovative approaches to solving problems, like, oh, no one had thought to combine A with B, but when you combine A with B, it creates this thing that's like exponentially more impactful than either A or B. And hackers do that stuff every single day, and so it's been a really enjoyable journey then digging into each one of those and thinking about well, what does that mean and how can I teach that? What are stories that illustrate that? And that's basically what the book does.

Speaker 1: 29:49

And it's all really built off of habits? I think it does. Would you think that you know that hacker mindset comes from just having the right habits?

Speaker 2: 29:58

I think so. I mean, I think hackers are like any group. You know, people exist on a spectrum and I'm sure there's the people in the hacker community who would say they have terrible habits and some who have incredibly disciplined habits. But that would be a self-assessment of themselves within their own spectrum. When I think about what it takes for someone to be interested in and successful at hacking as a profession, it does require habits. They have to be willing to go kind of do the same, attempt, the same types of things over and over again. Maybe they're changing different types of systems or going after it in a different way or trying to, you know, arrive at a different outcome.

Speaker 2: 30:33

But yeah, it's a lot of buying something that hasn't worked 70% of the time, 80% of the time, 90% of the time you're willing to do it again anyway.

Speaker 2: 30:44

And I often think about this metaphorically, as like you think about Olympic athletes and what makes an Olympic athlete that level of elite starts with, of course, genetics. They had to be predisposed in a certain way to even be eligible to build themselves into a certain thing. But once you move beyond that, then it's like they've, of course, got to have invested the time and effort and like building their body in a certain way. But there's this one detail that's really interesting about Olympians is that they're willing to do the boring thing thousands of times, like they're willing to eat unseasoned chicken breasts three times a day for 10 years, and most people aren't willing to commit to do something boring or unappealing repeatedly for a long period of time, and it's more than that. But without that, someone will never become an Olympian. Just the same way, someone will never become a successful hacker if they're not willing to be tenacious and persistent and adapt and pivot and, just you know, keep pushing forward.

Speaker 1: 31:45

Yeah, yeah, it's like what Jay Cutler says when he was trying to be Mr Olympia. You know he ate not for flavor, not for taste or anything like that. Right, it was just literally. It was literally the nutrients that he was putting in. You know, like how clean it was and whatnot, and he even talked about. He's like, yeah, I eat 12 times a day. You know, every two hours I'm eating and I don't enjoy anything that I'm eating. None of it, like it's just there. I couldn't even imagine that would be a tough one. Thankfully it's not my job.

Speaker 2: 32:15

Yeah, I mean something like that you're. The reason someone like that is able to do that is because of a larger mission, something that they're striving towards and they've they've started with the outcome. Like this is how you break any big thing down and you build it towards habits. You start with the outcome you want to achieve and then you determine what would the measurements need to be along the way in order for that outcome to be most likely to be delivered? So, whatever the goal is, there's going to be some sort of measurement that would met.

Speaker 2: 32:45

Like you know, someone says I want to be rich someday. Okay, well, what's the measurement? What does that mean? And you define that as either, like you know, dollars in a bank account, or total net worth, or passive cashflow, or whatever it is that. However, someone defines that, and then you say, okay, well, now I've defined let's for simplicity sake, let's say it's dollars of passive cashflow from real estate investment. Okay, well, what do I need to do in order to build a portfolio that gets to that?

Speaker 2: 33:11

And then you can break that down. And then you say, okay, well, in order to do that, I have to have this many properties. Okay, what does it take to acquire a property, what requires this type of action? You can take that all the way down to your daily habit and in that case, the daily habit might be I'm going to analyze five deals per day and make one offer per day. I don't know if those are actually what the metrics might be or the habit might be, but let's just, for simplicity's sake, let's say it's that If you worked it backwards and you said that analyzing five deals a day and making one offer a day every day means that eventually I will build a portfolio that's going to lead to that, now you can say now I don't need to worry about the outcome, I don't need to worry about the measurements, I only need to focus on the habit.

Speaker 2: 33:54

And that's what someone like Mr Olympia story you're telling. That's what he's doing. Is he's saying look, I know, to achieve my bodybuilding goal, it requires me to eat 12 times a day, every two hours after this, many calories of this cleanliness, and he can focus on each meal just doing that thing. And it's attached to that larger outcome. And that's that's how you connect the dots between the two and people who truly have that mission that they're they're pursuing and are willing to do that reverse engineering down to the daily habits. That's how you get there.

Speaker 1: 34:22

Yeah, it's breaking it down into easily consumable pieces. It's like, oh, I got to do this one thing every single day. It takes me an hour to do it. Okay, I can do that. It's a lot easier to fall into that habit than it is to do the other 20 things that could enable you to be successful in that area. So you know, where do you see the industry going right now, with AI and LLMs, you know, becoming prominent, right? I mean, last time you were on, I don't even think Chad GPT was around right. So, like, everything is just accelerated, right. And now it's becoming more important than ever. Actually, the topic of your book has become more important than ever For people that are in a situation where AI may offset their job or put their livelihood at risk in some degree. Maybe companies are moving too quickly towards AI and it's offsetting their employee base right, and they're probably going to be moving back right pretty soon. But where do you think the industry is going in the next couple of years with just everything going on in the world?

Speaker 2: 35:31

Yeah, I mean, it's interesting to see the hype cycle happening around AI, and this hype cycle has its unique characteristics, for sure, but it also shares a lot of the same characteristics with each of the preceding hype cycles we've been through. Iot was a hype cycle, blockchain was a hype cycle Bring your own device hype cycle. Cloud was a hype cycle All these things like. At the early emergence of these technologies, there was this general sense of like, everything is different now. Everything is different now. That's exactly what it feels like different now. Everything is different now. That's exactly what it feels like with AI. Everything is different now, and there's some truth to that, but the fundamental truth is that the principles are the same how we build better, more secure systems. Those truths are universal and they're timeless. The application of those principles is what's different now. So that's one thing I definitely want to in any discussion around AI, I want to make sure we're grounded in the fact that, like this is we've been through this and we will go through this again. You know, five years from now, we're going to be like remember when AI was that big thing? Well, now it's. I don't know, quantum is probably going to be the next hype cycle, but there's going to be some hype cycle after this where AI is just like and also ran, but it's some other thing. That's the main topic. So there's that for us for sure to consider. But as we are in the frothiest part of the hype cycle right now, things are changing, and for better and for worse. So the way things are worse is that if AI is further democratizing attack techniques so by that what I mean that's a fancy way of saying it's enabling lower skilled attackers to be able to do more, and that has always been true. I mean, the dark web is full of organizations selling very sophisticated attack tools that a low sophisticated adversary can buy and then just run. They don't need to have developed this thing themselves, they just pay for it and then they go execute it. And so this is similar in that. I think a perfectly illustrative example is when you think about all those scam texts that all of us get all day, nonstop. They're starting to get better right Forever.

Speaker 2: 37:38

The red flag well, first of all, it's been like some random number texting you some random thing Right out the gate. You're like I probably don't know who this person is, but there's a red flag within that, even if maybe you're the kind of person who does get a lot of random text messages from a lot of random people, maybe just meet a lot of people at conferences or out at bars or whatever and there was always a red flag that was like just weird phrasing. And there was always a red flag that was like just weird phrasing, broken English, weird punctuation, and you're like no, this doesn't, this doesn't seem right. Well, now they're getting really good, like I got one. I got one yesterday that was so my, you know, as everyone's cell phone number, it designates like what region of the country that phone number comes from and the text had been like hey, I'm coming to insert that area next week. We should get together.

Speaker 2: 38:28

That sounds like a text message that a person, a real human, would send to another real human. And I think that a message like that was so good because someone not a native English speaker, probably went to a chat GPT or equivalent I'm not blaming chat GPT, but some LLM and said you know, I want to say this. I wanted to say in casual American English how would someone text someone that said something like that? And probably gave him a whole bunch of options. I got another one that was it was. It said something like it was a joke. I was like almost mid joke, like hey, remember when we were lost for three hours because you refused to ask for directions?

Speaker 2: 39:03

There's a lot of people, men in particular, who would be like I don't remember this specific thing, but that is something I did do, and so that's an example where things are getting worse, like AI is helping attackers become more sophisticated or lower skilled attackers get better, but it's also helping like things are improving, I think, for the defender defender side, because various AI tools are enabling us to do more with the same person powers, like an example might be, maybe like data classification. You've got this huge unstructured data set and it's this massive bale of hay and somewhere in there is a needle and being able to pick through it manually, you just might take forever, you might not be able to find it, but AI can comb through, it can organize things, and all of a sudden, you're not looking at a whole bale of hay, you're looking at like a handful of hay and now you can much more easily comb through that. So those are the kinds of things that I'm seeing change.

Speaker 1: 39:59

Yeah, it's definitely becoming more difficult. No-transcript. This stuff is getting way too way, too good. I can't even imagine being you know, someone you know at the end of their career, at the end of you know retirement right, getting getting hacked like this or getting, you know, you know, this sort of attack like this. I don't think I would be able to stay on top of it. You know like, even as sharp as I am, like at some point I don't know, I want to go golf or something for the next 10 years and I don't think I'd be able to keep up. Yep.

Speaker 2: 40:55

Yeah, I mean even as diligent, as as we all are right, like there. It could also just be even all are right, like there. It could also just be, even as you're in the profession today, it could just be a matter of timing, right Like the times I find myself like almost falling for something, or when that attack has come in, that, you know, phishing attempt has come in at the exact moment when I'm actually expecting something similar, you know, like the classic one, like something about a package, and it's like, oh, I'm expecting a package today. Here's this thing about a package, the package. There's an issue with the package. Now, fortunately, I always, like you know, check myself before I go do that. But eventually, you know, someone might get lucky where the right technique was used at the right moment, where even someone who's incredibly diligent misses it. And that's the reality of the world we live in.

Speaker 1: 41:45

But they're getting better. They're getting harder to spot and AI is definitely helping with that. Yeah, I'm sure that that attack vector is really going to ramp up in the next couple of weeks with Apple's new iPhone release. I mean, I remember the last time when I ordered a phone like I got that exact thing. Oh, there's been a problem with your package with UPS, like, ok, well, apple shipping it via UPS. You know, I'm supposed to be getting it today. Let's go check through Apple. Oh, it's fine, I'm going to ignore this text, but yeah, ted, it's been a great, great conversation. I really enjoyed having you back on Me too.

Speaker 2: 42:15

Yeah, thanks for having me and for anyone who's listening and is wanting to stay in touch with me or learn more about my books or TED Talks or talks or anything like that. It's pretty easy Easy to get a hold of Just find me at tedherringtoncom.

Speaker 1: 42:29

Yeah, absolutely. I mean, I was going to ask you before you mentioned it. But, thanks, Thanks everyone for listening. You know, I really hope that you enjoyed this episode. Go check out Ted's books. They're fantastic. I got the first one. I'm definitely going to begin the second one. Fantastic reads for anyone, anyone and everyone. All right, Thanks everyone, Thank you.

People on this episode

Joe South

Host