In March 2012, the FBI surrounded a hurricane-rated steel door in Galveston, Texas. Behind it sat 30 year old Higinio Ochoa, drinking coffee in his boxers, flushing his one-time pad passwords down the toilet before letting federal agents inside. The operation to capture "w0rmer" had finally terminated.The process had initialized years earlier in childhood IRC rooms and 2600 chat channels. Ochoa taught himself to hack on dial-up connections, installing FreeBSD from thirty floppy disks at eleven years old. By his twenties, he was running cameras and internet infrastructure for Occupy Wall Street camps. When he witnessed police beating a woman having a seizure during a raid, something switched. The technical skills pivoted toward purpose.Cabin Crew launched with surgical precision. Ochoa mass-scanned police systems for SQL injections and admin pages, often not knowing which department he'd compromised until crafting the press release. He signed every hack, tagged every defacement, live-tweeted FBI taunts. His girlfriend posed in a bikini outside the Alabama Department of Public Safety holding signs that read "PwN3D by w0rmer" with GPS coordinates embedded in the photo metadata.Today he consults for governments and holds battlefield accommodations from Ukraine. The smooth hands that once broke into Secret Service-designed systems now defend critical infrastructure at levels where people could die if information leaks.

TIMSTAMPS

00:00 The Early Days of Hacking

04:22 From Hobbyist to Activist

08:30 The Shift to Purposeful Hacking

13:16 The Rise of Cabin Crew

17:58 The Psychology of Hacking and Branding

21:11 The Origins of Wormer: A Hacker's Journey

25:10 The FBI's Approach: How They Caught Me

27:50 The Day of Reckoning: My Arrest Experience

32:44 Life in the System: Mental Struggles and Adaptations

36:18 Navigating Post-Prison Life: Challenges and Restrictions

44:40 Navigating Life Post-Incarceration

47:27 The Struggles of Redemption

51:19 Finding Opportunities in a Stigmatized Field

55:23 The Evolution of a Hacker's Journey

58:46 Contributions to Information Security

01:01:19 Words of Wisdom for Aspiring Hackers

01:05:42 The Dream of a Cybersecurity Bar

[Higinio “w0rmer” Ochoa – LinkedIn] - https://www.linkedin.com/in/x0hig Professional profile of Higinio Ochoa, a former Anonymous-affiliated hacktivist turned cybersecurity consultant, where he shares insights on security, research, and his work in the industry.

[DEF CON Hacker Conference] - https://defcon.org/ One of the world’s largest and most influential cybersecurity and hacker conferences, referenced in the episode as a key part of early hacker culture and later professional engagement.

[Cybersecurity and Infrastructure Security Agency (CISA)] - https://www.cisa.gov/ A U.S. government agency focused on cybersecurity and infrastructure protection, mentioned in relation to responsible disclosure and ethical hacking initiatives.

[Cloudflare] - https://www.cloudflare.com/ A global web infrastructure and cybersecurity company where the guest briefly worked after prison, playing a role in his transition into legitimate security work.

[The Pirate Bay] - https://thepiratebay.org/ A well-known file-sharing platform referenced in the discussion about monitored internet usage and security research environments post-release.

The Microsoft offices in downtown Houston initialized something in 2010 that its founders never intended to scale. Michael Farnum and his team triggered a regional conference with 120 attendees, built for the Texas cyber community. No grand ambitions. No national aspirations. Just a gathering for people who knew each other, wanted to learn together, and could afford to show up without corporate sponsorship covering a $2,700 entry fee.Meanwhile, Philip Wylie was running monthly meetups in Denton, traveling constantly, and discovering that building community meant something different than building an audience. The former professional wrestler turned pentester had launched DC940, authored bestselling books, and established himself as a global keynote speaker. But by fall 2024, the logistics became unsustainable. He stepped down from his DefCon group leadership role.That same night, walking away from the venue, an idea crystallized. The Dallas-Fort Worth area housed one of the world's largest cybersecurity communities, yet lacked a proper hacker conference. So Wylie sent a text message to Farnum. No expectations beyond advice. Within weeks, they had formalized a partnership that would bring CyberHackCon to the Plano Event Center, the same venue that hosted DalHackCon two decades earlier.What started as Houston's 15-year regional experiment had evolved into a national conference ecosystem. Companies were bypassing Black Hat and RSA entirely, sending whole teams to what was becoming CyberSecCon instead. The infrastructure now includes youth programs, executive events, OT-focused conferences, media arms, venture advisory, and nonprofit partnerships. Five full-time employees orchestrate an operation that refuses to gate its primary educational content behind paywalls, maintains community as the entry point for everything, and somehow preserves the feel of a high school reunion even as it approaches 400 attendees.

TIMESTAMPS

00:00 Building Community in Cybersecurity

05:15 The Evolution of HusekCon to CyberSecCon

12:00 The CyberSec Community Ecosystem

20:14 Introducing Cyber Hack Con

29:04 Call for Papers: Seeking Deep Tech Talks

32:20 Engagement and Community Involvement

33:44 Conference Experiences: Big vs. Small

39:03 Post-Conference Content and Accessibility

40:48 Creative Concepts: Cybersecurity-Themed Bar Ideas

SYMLINKS

[CyberSecCon] - https://www.cybrseccon.com/ Official website of CyberSecCon, a community-driven cybersecurity conference focused on accessibility, education, and bringing together professionals across all experience levels.

[CyberSec Media] - https://www.cybrsecmedia.com/ Media platform that publishes cybersecurity talks, videos, and educational content from CyberSecCon and related community initiatives, available for free access.

[DEF CON] - https://defcon.org/ One of the world’s largest and most well-known hacker conferences, recognized for its deep technical content, hands-on learning, and strong hacker culture.

[Michael Farnum – LinkedIn] - https://www.linkedin.com/in/mfarnum Professional profile of Michael Farnum, cybersecurity leader and co-founder of CyberSecCon, where he shares insights on community building and industry initiatives.

[Phillip Wylie – LinkedIn] - https://www.linkedin.com/in/phillipwylie Professional profile of Phillip Wylie, penetration tester, instructor, and keynote speaker with extensive experience in cybersecurity and community mentorship.

Twenty-one years old, sitting at an e-machines computer in Oregon. AOL chatrooms visable through the scanlines of a 17" beige CRT monitor. The social engineering protocol initializes without a name, without formal training. Just need driving innovation. Packages arrive at the house. Things he couldn't afford now flowing through manipulation vectors his young mind discovered by instinct.The judicial system terminates this operation quickly. Join the military or go to jail. Too pretty for prison, Rich Green chooses the army in 2002. Combat communications for five years until special forces assessment and selection activates a new trajectory. Close target access missions. Network taps and Wi-Fi exploitation in cartel safe houses. No help desk background, no certifications. Pure offensive operations training his neural pathways for a different kind of warfare.Retirement executes in April 2022, triggering contractor status at the DoD schoolhouse. Teaching the same skills they'd programmed into him. SANS identifies the teaching aptitude and extracts him from government work. The classroom becomes his new operational environment. June 2022, Sith 2 incorporates as his own company. Security, infrastructure, threat hunting, hardening.Now he's pulling 415 pounds in the gym while filming TikTok videos about password managers, running SANS courses in Singapore, oprates Cith 2, then chairing virtual summits at 2 AM without missing a beat. The nuclear reactor in a skin suit who responds to every troll comment with Southern charm until they start using password managers. His real dream remains teaching world history to middle schoolers.TIMESTAMPS 

00:00 Introduction and Background

02:44 Military Journey and Cybersecurity Career

05:29 Teaching and Content Creation

08:29 The Importance of Listening and Learning

11:18 Energy and Engagement in Content Creation

14:13 Sith2: Building a Brand and Community

17:10 Fitness and Personal Accountability

19:38 Content Creation Challenges and Mindset

26:04 The Impact of Teaching and Mentorship

26:29 Fueling Motivation Through Negativity

27:36 Engaging with Trolls and Negative Comments

29:42 Navigating Different Social Media Platforms

33:07 AI in Cybersecurity and Content Creation

37:38 The Future of AI and Human Creativity

40:10 Unique Bar Experiences and Travel Stories

42:18 Creating a Cybersecurity-Themed Bar

SYMLINKS

[Sith2 Official Website] – http://www.sith2.com Rich Green’s main platform for cybersecurity content, consulting, blogs, and podcast episodes.

[LinkedIn] – https://www.linkedin.com/in/secgreene Professional profile where Rich shares cybersecurity insights, teaching content, and industry updates.

[X (Twitter)] – https://twitter.com/secgreene Platform for quick thoughts, updates, and conversations around cybersecurity and tech.

[SANS Profile] – https://www.sans.org/profiles/rich-greene Official instructor profile showcasing his work, credentials, and contributions within SANS cybersecurity training.

[Instagram] – https://www.instagram.com/secgreene A mix of cybersecurity content, personal updates, and lifestyle posts including fitness and daily routines.

In the back office of his father’s telecommunications business, something in five-year-old Ryan Williams initialized. Programming in BASIC on a Commodore 64, he typed endless lines of code from a magazine, waiting three hours for a Mandelbrot set to render pixel by pixel across the screen. He was disappointed with the result, but the process had already taken hold. Years later, Williams was setting up a Formula One driver’s party when his phone rang. Pack it down. COVID wiped out his entire music career, his production company, and $40K in a single moment. Everything he’d built over two decades as a touring DJ and musician terminated without warning.

By eleven, he was hacking payphones with McDonald’s straws and engaging in underground BBSs after answering questions about death metal. But music became his focus, taking him from classical orchestras to rock bands to DJ tours across Australia and overseas. It was a life of little responsibility and constant motion, until March 2020 forced a hard stop. At rock bottom, Williams enrolled in a cybersecurity course at a local TAFE college. He quickly realized he was ahead of his classmates, but that wouldn’t be enough among 12,000 graduates nationwide. So he went online, consuming everything he could while documenting his path as D8RH8R from the hills of Victoria. Now he works as a lead security engineer at Applied Computing Technologies, breaking AI models deployed in critical infrastructure. He runs Smart Security Solutions, publishes HVCK Magazine, builds offensive security training, and operates Solo Hobo, providing pro bono assessments for organizations with no budget. The man who once lived for sold-out shows now works in the quiet RF spectrum of Victoria’s hills, pushing physics-based AI models until they fail.

TIMESTAMPS

00:00:00 - Introduction and guest background

00:05:11 - Early computer addiction and origin story

00:07:30 - Music career and COVID impact

00:09:10 - Transition into cybersecurity education

00:13:22 - Data Hater persona meaning explained

00:16:22 - Lessons learned the hard way

00:20:03 - Adversarial AI security role

00:28:00 - Solo Hobo pro bono security

00:35:00 - Hack Magazine and Academy vision

00:45:00 - Business model and creative process

LINKS

Applied Computing Technologies – https://www.appliedct.com.au - AI platform company for critical infrastructure

AttackIQ Academy – https://www.attackiq.com/academy/ - Cyber security training platform

B-Sides Brisbane – https://bsidesbrisbane.com - Information security conference

PADDOK's AI Red Team Course – https://www.youtube.com/c/PADDOK - Adversarial AI security training

Hack Magazine – https://hackmagazine.org - Cybersecurity publication

Solo Hobo – https://www.linkedin.com/in/ryanwilliams-datahater/ - Pro bono security assessments

TAFE – https://www.tafe.edu.au - Technical education colleges Australia

Orbital AI Platform – https://orbital.ai - AI platform for industrial applications

One batch file flatlined an entire school district’s network. That was 1994, in a town so small you could drive fifteen minutes and see nothing but the curvature of the earth. By sixteen he was building one of Wyoming’s first ISPs, and by 1996 he had already founded a Red Team. Then came twenty three years as a DEF CON goon, followed by an offensive security practice that scaled to 132 pen testers and nearly forty million dollars a year. He has breached security inside Ferrari dealerships, biolabs, and financial trading floors. If it had a lock, a network, a password, or a perimeter, Pyr0 found a way through it. Now he lives off grid in the mountains of Northern Colorado, running ham radio on solar, raising chickens, and still pulling sixty hour weeks breaking into things that were never supposed to be breakable. And this year, he's building something new. A conference on the beach at Carolina Beach, NC that is dedicated to preserving the stories and the history of hacking before they're lost to time.

TIMESTAMPS

00:00 Introduction and Background

09:44 Life Off-Grid: The Journey

19:10 Introducing naclcon: A Community-Driven Conference

26:55 Conference Planning and Logistics

32:10 Badge Life and Unique Experiences

37:03 Celebrating Hacker Culture and History

39:04 Organizational Challenges and Insights

42:00 Creating a Unique Conference Experience

47:12 The Vision for a Cybersecurity Bar

LINKS

[NaClCon Official Website] – https://naclcon.com Main website for NaClCon where users can register, book accommodations, and access full event details.

[NaC Con Contact Email] – mailto:[email protected] Official support email for inquiries about the conference, including registration and partnerships.

[Pyr0 (Luke McOmie) Email] – mailto:[email protected] Direct contact for sponsorships, collaborations, and communication with the event organizer.

[Fat Pelican – Carolina Beach] – https://fatpelican.com – Iconic dive bar on the Carolina Beach boardwalk highlighted as a must-visit during NaClCon.

[Red Helm] – https://redhelm.com – Pyr0's company where he serves as VP of Offensive Security.

[DEFCON] – https://defcon.org – The world's largest hacking conference where Pyr0 spent 23 years as a senior goon and founded SkyTalks.

[SkyTalks at DEFCON] – https://skytalks.info – The off-the-record talk track at DEFCON founded by Pyr0.

[Dual Core] – https://dualcoremusic.com – Nerdcore hip-hop artist performing live at NaClCon's Concert at Sea.

A kid builds a website for Game Boy Advance tips. Then another one. Then a racing game with a contact form he didn't think twice about. Until, someone hit it with a SQL injection. That moment cracked open a door he never planned to walk through. Years later, he's still walking. Past classical computing, past the ones and zeros we all know and into a space where a bit doesn't have to choose. One where particles hold their breath until someone measures them. This is the story of someone who cut their teeth building websites about gaming tips and a comedy sketch audio site that hit number one on G4TV. Now he's volunteering at DEF CON's Quantum Village, building browser-based quantum simulations, and trying to make the most complex frontier in computing feel a little less sci-fi.

TIMESTAMPS

00:00 Introduction to Robert Covington and His Journey

00:51 From Web Projects to Security Awareness

03:51 Diving into Quantum Computing

06:22 Understanding Quantum Concepts

08:31 Making Quantum Accessible with Qubitide.dev

11:13 Quantum in Enterprise: Use Cases and Costs

13:14 Involvement with Quantum Village and Community Initiatives

15:17 Emerging Job Opportunities in Quantum Computing

17:27 Learning Resources for Quantum Computing

19:31 Understanding Q Day and Its Implications

23:16 The Role of Quantum Random Number Generators

25:38 Unique Bar Experiences and Quantum Themes

LINKS

[Robert Covington – LinkedIn] – https://www.linkedin.com/in/robert-covington-2693a914b - A LinkedIn profile where Robert Covington shares posts about quantum computing, security conferences, and experiments with quantum simulations and QPU workflows.]

[QubitIDE] https://qubitide.dev - Quantum computing simulation platform for browser-based learning

[Quantum Village] https://www.quantumvillage.org - DEFCON village focused on quantum computing education and CTFs

[CompTIA SecurityX] https://www.comptia.org/certifications/securityx - Advanced cybersecurity certification

[Amazon Braket] https://aws.amazon.com/braket/- Quantum computing service on AWS

[IBM Qiskit] https://qiskit.org - Open-source quantum computing framework

[PennyLane] https://pennylane.ai - Quantum machine learning library by Xanadu

[D-Wave] https://www.dwavesys.com - Quantum computing systems and cloud services

[Xanadu] https://xanadu.ai - Quantum computing company behind PennyLane

[G4TV] https://g4tv.com - Gaming and technology television network

[QEDC] https://www.quantumeconomicdevelopmentconsortium.org - Quantum Economic Development Consortium

[Graph Machine Learning] https://www.cs.mcgill.ca/~wlh/grl_book/Academic resource on graph theory and ML

[WordFence] https://www.wordfence.comWordPress security plugin

An Uber ride. A stranger in the backseat. A conversation that changes everything. What if the person who redirects your entire life is someone you've walked past a thousand times and never noticed? This is the story of a kid from West Philly who didn't know what a server was, what the cloud meant, or why Windows OS mattered and then turned that into a cybersecurity career built on hustle, community, and an obsession with doing the work.

00:00 Moo's Journey into Cybersecurity

09:14 Navigating Distractions in Tech

13:26 Finding Passion and Purpose

17:11 The Reality of Rapid Industry Changes

23:11 Supporting Newcomers in Cybersecurity

25:53 Starting Over: Lessons Learned

29:41 Experiencing Hacker Summer Camp

35:07 The Culture of Networking and Community

38:39 Unique Bar Experiences and Networking

44:10 Creative Drink Ideas and Closing Thoughts

SYMLINKS

Moo Muhammad – LinkedInhttps://www.linkedin.com/in/munirmuhammad/Cybersecurity professional specializing in application security, incident response, and hands-on technical projects. Connect to follow his work, insights, and career journey in tech.

National Society of Black Engineers (NSBE) – https://www.nsbe.orgA professional organization supporting Black engineering students and professionals through mentorship, scholarships, and career development.

IEEE (Institute of Electrical and Electronics Engineers) – https://www.ieee.orgA global professional organization advancing technology, offering resources, publications, and networking for engineers and technologists.

Women in Cybersecurity (WiCyS) – https://www.wicys.orgA nonprofit organization dedicated to recruiting, retaining, and advancing women in cybersecurity through mentorship, conferences, and career opportunities.

DEF CON – https://defcon.orgOne of the world’s largest and most well-known hacker conferences, held annually in Las Vegas as part of “Hacker Summer Camp.”

Black Hat – https://www.blackhat.comA premier cybersecurity conference series featuring technical training, research briefings, and industry networking events.

The future of cybersecurity is not coming. It is already here. AI is writing code faster than humans. Deepfakes can impersonate your boss. Quantum computers threaten the encryption that protects everything we trust. And most organizations are still playing catch up.

In this episode of BarCode, Chris sits down with Jim West, a 30 plus year cybersecurity veteran who has seen every wave of the industry. From building machines in the early days of dial up to advising on quantum risk and AI driven defense, Jim breaks down what is hype, what is real, and what is about to change everything. This is not theory. This is what comes next.

If you want to understand how to think like an attacker, adapt like a defender, and prepare for a world where machines outpace humans, this conversation is your briefing.

Welcome to the future of security.

00:00 Introduction to Jim West and His Expertise

04:59 Jim's Origin Story and Early Career

10:36 The Importance of Certifications in Cybersecurity

17:16 The Rise of Quantum Computing in Cybersecurity

27:05 Preparing for Quantum Day and Its Implications

28:28 Exploring Quantum Computing and Qiskit

28:58 AI's Role in Cybersecurity Threats

30:45 The Evolution of Deepfake Technology

31:45 Quantum Computing as a Service

33:09 The Intersection of AI and Quantum Computing

34:34 Future Scenarios: AI and Quantum in Cyber Warfare

38:39 AI's Impact on Society and Human Interaction

39:24 The Creative Potential of AI

46:41 Balancing AI and Human Interaction

52:46 Unique Bar Experiences and Future Ventures

[Facebook – Jim West Author] – https://www.facebook.com/jimwestauthorOfficial author page where Jim West shares updates about his books, cybersecurity insights, speaking engagements, and creative projects.

[LinkedIn – Jim West] – https://www.linkedin.com/in/jimwest1Professional networking profile highlighting his cybersecurity leadership, certifications, conference speaking, mentoring, and industry experience.

[Official Author Site – Jim West] – https://jimwestauthor.com/Personal website featuring his published works, cybersecurity thought leadership, creative projects, and links to his social platforms.

[BookAuthority – 100 Best Cybersecurity Books of All Time] – https://bookauthority.orgA curated book recommendation platform that recognized Jim West’s work among the “100 Best Cybersecurity Books of All Time,” reflecting industry impact and credibility.

[ISACA (Information Systems Audit and Control Association)] – https://www.isaca.orgA global professional association focused on IT governance, risk management, and cybersecurity, where Jim West has spoken at multiple regional and international events.

[GRC (Governance, Risk, and Compliance) Conference – San Diego] – https://www.grcconference.comA cybersecurity conference centered on governance, risk management, and compliance practices, referenced in relation to industry speaking engagements.

[EC-Council (International Council of E-Commerce Consultants)] – https://www.eccouncil.orgA cybersecurity certification organization known for programs such as CEH (Certified Ethical Hacker) and events like Hacker Halted, where Jim West has participated and spoken.

In this conversation, Chris Glanden interviews Matt Brown, a cybersecurity professional with extensive experience in both offensive and defensive security. Matt shares his journey into the cybersecurity field, discussing the importance of continuous learning, the transition from blue team to red team, and the critical skills needed for pen testing. They also explore the role of certifications, the evolution of online learning, and the impact of YouTube as a platform for education. Matt emphasizes the importance of understanding business operations in cybersecurity and shares insights on creating engaging content for aspiring professionals.

00:00 Introduction to Matt Brown and His Journey

03:50 Transitioning from Blue Team to Red Team

10:28 The Importance of Soft Skills in Pen Testing

11:28 Certifications vs. Practical Learning

15:21 The Rise of Online Education in Cybersecurity

20:19 YouTube Success and Audience Engagement

26:14 Future of Security Training

28:41 Fun and Unique Bar Experiences

31:37 Connecting with Matt Brown Online

SYMLINKS

[Brown Find Security Training] – https://brownfinesecurity.com/

An online, hands-on hardware hacking and IoT security training platform created by Matt Brown, designed to make practical offensive security training accessible without expensive in-person courses. 

[Matt Brown YouTube Channel] – https://www.youtube.com/@mattbrwn

A cybersecurity education channel focused on hardware hacking, IoT security, and penetration testing, known for long-form, unedited, real-world demonstrations and learning-through-problem-solving.

matt-chris

[Matt Brown on X (formerly Twitter)] – https://x.com/nmatt0

Matt Brown’s social platform where he shares insights, updates, and discussions related to cybersecurity, hardware hacking, and offensive security training.

matt-chris

[Matt Brown on LinkedIn] – https://www.linkedin.com/in/mattbrwn/

Matt Brown’s professional profile used for industry networking, sharing cybersecurity knowledge, and connecting with professionals interested in penetration testing and hardware security.

In this episode, Corey LeBleu, a veteran penetration tester, shares a raw and intense story from his early days in offensive security. Corey walks through a social engineering engagement that took a sharp turn, from being closely watched by a security guard to receiving the call that changed everything. What followed was a confrontation with authority, handcuffs, and a moment that forced him to confront the legal and emotional consequences of impersonation.

Through honest storytelling, Corey reflects on the pressure of physical security testing, the thin line between authorization and trouble, and the lessons he carried forward in his career. This episode serves as a cautionary tale about understanding boundaries, respecting authority, and the unseen risks behind revealing what’s hidden.

00:00 Introduction to Corey LeBleu and His Journey

03:34 Corey's Early Career and Learning Path

06:34 The Role of Mentorship in Pen Testing

09:19 Experiences in Social Engineering and Physical Pen Testing

12:22 The Handcuff Incident: A Lesson in Risk

15:12 Transitioning to Web Application Pen Testing

18:01 The Evolution of Pen Testing Practices

20:48 The Impact of AI on Pen Testing

23:42 The Future of Pen Testing and Learning for Beginners

26:28 Navigating Active Directory and Pen Testing Tools

27:35 Essential Training for Web App Pen Testing

30:34 Advice for Aspiring Pen Testers

32:30 Exploring AI and Learning Resources

37:05 Personal Interests and Hobbies

39:17 Living in Austin and Local Music Scene

SYMLINKS

[LinkedIn] – https://www.linkedin.com/in/coreylebleu/Primary platform Corey recommends for connecting with him professionally.

[Relic Security] – https://www.relixsecurity.com/Cybersecurity consulting firm founded and run by Corey LeBleu, focused primarily on web application penetration testing and offensive security work.

[PortSwigger Academy] – https://portswigger.net/web-securityA free and advanced online training platform for web application security, created by the makers of Burp Suite. Recommended by Corey as one of the best learning resources for modern web app pentesting.

[Burp Suite] – https://portswigger.net/burpA widely used web application security testing tool. Corey emphasizes learning Burp Suite as a core skill for anyone entering web app penetration testing.

[OWASP Juice Shop] – https://owasp.org/www-project-juice-shop/An intentionally vulnerable web application created by OWASP for learning and practicing web security testing.

[OWASP – Open Web Application Security Project] – https://owasp.orgA global nonprofit organization focused on improving software security. Corey previously ran an OWASP project and references OWASP tools and resources throughout his career.

[SANS Institute] – https://www.sans.orgA major cybersecurity training and certification organization, referenced in relation to early penetration testing education and the high cost of formal training.

[Hack The Box] – https://www.hackthebox.comAn online platform for practicing penetration testing skills in simulated environments.

[PromptFoo] – https://promptfoo.devA tool for testing, evaluating, and securing LLM prompts. Mentioned in the context of prompt injection and AI security experimentation.

[PyTorch] – https://pytorch.orgAn open-source machine learning framework widely used for deep learning and AI research. Corey mentions it as part of his learning path for understanding how LLMs work.

[Hugging Face] – https://huggingface.coAn AI platform providing open-source models, datasets, and tools for machine learning and LLM experimentation.

In the electric chaos of DEF CON—where dial tones, solder smoke, and hacker legends collide—one figure stands out: John Aff, aka PANDA.

A veteran in the hacker community, he moves effortlessly between challenge design, telephony wizardry, mesh networking experiments, and the culture that surrounds it all.

Behind the reputation is a journey that started with game hacking, shifted into enterprise security, and evolved into a life built around creativity, community, and technical obsession. It’s also a story of identity—of finding a place where personal expression and professional skill finally intersected.

This conversation pulls back the curtain on a mind shaped by curiosity, lived experience, and a deep love for the craft.

CHAPTERS

00:00 - Introduction to Barcode Podcast

00:24 - Meet Panda: Cybersecurity Icon

01:47 - Panda's Journey into Cybersecurity

10:12 - Creating Interactive Challenges for Conferences

22:11 - Badge Building: The Art and Science

28:00 - Lessons from Offensive Security for Defenders

30:11 - Winning the TeleChallenge: A Team Effort

35:10 - Nostalgia in Gaming: The Phone Verse Experience

37:30 - Understanding LoRa and Mesh Networking

43:20 - Real-World Applications of MeshTastic Technology

49:14 - The Intersection of Furry Culture and Cybersecurity

56:54 - Community Building and Future Aspirations in Tech

LINKS

TelePhreak – https://telephreak.org An informatione trading post for the computer enthusiast (the hacker), telephony technophiles (the phreak), radio junkies (the HAM).

DEF CON – https://defcon.org/ The world’s largest hacker conference and the backdrop for many of Panda’s stories, competitions, and breakthroughs.

RedSeer Security – https://redseersecurity.com The security practice Panda supports on the defensive and strategic side.

Assura, Inc. – https://assurainc.com Where Panda leads offensive security operations and continuous testing programs.

MeshTastic – https://meshtastic.org Open-source long-range mesh communication project central to Panda’s community work.

Comms For All – https://commsforall.com Panda’s initiative focused on mesh networking, LoRa radios, and community education.

B-Sides Jax – https://bsidesjax.org Conference where Panda built the interactive phone-based badge challenge.

HackSpaceCon – https://hackspacecon.com The first conference where you and Panda crossed paths; a major Florida hacker gathering.

JLCPCB – https://jlcpcb.com PCB manufacturing service used for producing custom badge hardware.

EasyEDA – https://easyeda.com Design tool Panda uses to create the multilayer art and circuitry for badges.

Vectorizer.AI – https://vectorizer.ai The AI-powered tool Panda relies on to convert artwork into vector format for PCB badge design.

KiCad – https://kicad.org Open-source PCB design suite used for laying out circuits and prototyping badge hardware.

Adtran – https://www.adtran.com Telecom hardware vendor whose legacy gateways were used in the BSides Jax phone challenge.

QueerCon – https://www.queercon.org Long-running LGBTQ+ hacker community at DEF CON that collaborated with Panda on early badge projects.

National Cyber Games (NCA Cyber Games) – https://nationalcybergames.org Competition platform where Panda designed MeshTastic-based CTF challenges.

UNF Osprey Security – https://www.unf.edu University of North Florida’s student security group that runs CTFs and collaborated locally with Panda.

HackRedCon – https://hackredcon.com Security conference where Panda volunteers and participates in community events.

Jax2600 – https://2600.com Local chapter of the classic 2600 hacker community, part of Panda’s long-term involvement in grassroots infosec groups.

Backdoors & Breaches – https://blackhillsinfosec.com/projects/backdoors-breaches Incident response card game Panda used for blue team development and tabletop exercises.