Jumping into the ring for a second round of Unusual Journeys into Infosec, reaching for the ladder of inspiration we aim to pin down what makes this industry great.
This week we are joined by Phillip Wylie who has a really interesting and usual journey. I was first introduced to Phillip on The Many Hats Club discord where he shared his story, and even created a special role for him. When we kicked off the second season of this series, Guise Bule asked him to reach out to me on Twitter and the rest is history, as they say.
I'm a big fan of Phillip and don't want to spoil his story in this introduction, this is however, another example of how hard work, dedication, and facing into challenges really pays off. This is Phillip Wylie's Unusual Journey Into Infosec.
CyberSecStu (CSS): My vision for this article (or series), is to help break the illusion that you have to follow a certain route to have a career in Infosec. I have so many questions about your story, where did your journey begin?
Phillip Wylie (PW): I didn't take high school serious enough. Not finishing was never an option. My GPA was too low and my college entrance exam score was too low for my GPA. So I gave up prematurely on college. I had no idea what I wanted to do for a career. Since I was a big muscular guy from powerlifting, my friends recommended pro wrestling. This was a very interesting career path. I signed up at a wrestling school in Dallas, TX. After being trained to wrestle I started getting wrestling matches.
I wrestled in the WCW and it was at the time the WCW bought the UWF. I had several televised matches with the WCW and a wrestling federation based out of Dallas, TX called the WCCW.
My pro wrestling career lasted about two years with one year of training before I got matches. I got married and got out of wrestling a little over a year later. I didn't make enough money wrestling, so my main source of income was working as a bouncer at a nightclub in my home town in Denton, TX.
The nightclub hosted special events on Sundays to bring in a crowd. Sundays were typically slow unless there was something special going on.
The nightclub planned an event which entailed a wrestling bear. It was open to anyone to wrestle the bear, but they asked me to wrestle the bear. They used my wrestling promo picture on the posters and flyers announcing the event.
The bear was named Sampson and he was a 750lb brown bear. There were others that wrestled the bear. I did not beat the bear, but I did the best. I won a bar tab and a T-Shirt that read "I wrestled Sampson The Bear and lost."
I wrestled Sampson twice and after the first time I wasn't going to wrestle him again, but a couple hours later and taking advantage of the bar tab, the club owner easily convinced me to wrestle the bear a second time. I got out of wrestling due to getting married and needing a more stable income, I worked in retail, retail sales, restaurants, and manual labor.
After my daughter was born I realized that I needed something better with health insurance. I saw a commercial on TV about a trade school that taught computer-aided design (CAD). I enrolled in the school. This was in the Fall of 1992. I did not have any experience with computers. I graduated in the Fall of 1993 and got a job as a CAD draftsman. I discovered after working as a draftsman, that I had more of a talent for computers. I would troubleshoot and resolve problems that my coworkers were having. In 1995 I taught myself how to build computers and I was introduced to the role of a system administrator. I learned that they made about $10 an hour more than what I was making. In 1997 I took a 90 Novell NetWare course and after completion, I went to work as a system administrator.
I worked as a system administrator from September 1997 to December 2003 and I moved into a network security role.
I worked in network security from January 2004 to September 2005. My employer hired a CISO and he separated our department into different security functions. Prior to this we all did network security. I was put in an application security role.
This role inspired me to become a pentester. In the Fall of 2011, the company I was working for announced the sale of the mortgage division, which I worked in. On the all-hands call announcing the sale, they said if the division was not sold it would be shutdown. I started to apply for jobs. In March 2012 I got a consulting job performing pentests.
I've been pentesting since then and started teaching pentesting January 2018 at Richland College in Dallas, TX. My passion for pentesting and teaching led me to start The Pwn School Project as a way to educate people on pentesting and security. I host two meetings a month. One in Dallas, TX and one in Denton, TX. I also enjoy speaking at conferences and teaching workshops.
CSS: This is all amazing! You've been in Infosec for a while now, what do you see as the biggest challenges for people trying to break into the industry? Second part to this, have these (OR How have these), changed from when you first started?
PW: I think the biggest challenge with people that are trying to break into the industry is finding companies that are willing to give people with no experience a chance. The best way to deal with this is through networking. Attending local infosec meetings and conferences are great ways to network. Through networking, those looking to break in the industry are able to get their resumes to hiring managers directly or from others working for the hiring company.
I think the biggest change since I started is that security jobs are a lot more in demand, but it doesn't make it easy to get into infosec. Internships are a good way for students or college grads to get into security. My wife works in DFIR and got her job through an internship
CSS: Awesome, love this. Internships and apprenticeships are a decent route.
PW: It amazes me how difficult it can be and there is a shortage of security people.
CSS: What do you think companies should be doing to help attract more people or bridge the gap?
PW: I think internships, apprenticeships, and temporary contract jobs would help bridge the gap. Companies wouldn't have to commit to long term employment and they would get to see if candidates have potential. Apprenticeships and temp contract jobs could be open to not only students or grads, but they could also be open to those moving from IT to security or those that have gone the self-study route.
CSS: What is the best advice you've been given by someone in infosec on your journey so far, OR you've given?
PW: The best advice I have given is to network through local infosec meetings and conferences. Getting involved in the community makes it easier to find jobs. I got my last two full-time jobs through meetups. Networking and community involvement is a good way to share and learn. My experience with the infosec community has been rewarding and my best friends are from the community.
I share this with students and people I mentor. As well as anyone else looking for advice.
CSS: Very close to my heart, cons and meetups are really valuable, and helped me no end when starting out.
Okay, so is there anything you want to share or anyone you want to give a shout out to?
PW: I would like to give a shout out to my Dallas/Fort Worth infosec and hacking community. Dallas Hackers Association has done so much to grow and improve our local community and part of the inspiration for my meetup The Pwn School Project. I would also like to give a shout out to my friend on Infosec Twitter.
CSS: Thank you so much for sharing your story it's going to help a lot of people. One final question I have to ask (well it wasn't for sure). What was it like wrestling an actual bear?
PW: It's tough and nearly impossible. Trying to move a 750 pound bear is like trying to move a parked car, it will barely move. The bear I wrestled was very tame and like a big dog. It was a fun experience that I would not do again.
CSS: Kudos to you for doing it though!
PW: It's probably not legal in the US anymore with the protections around animals. Even back in the late 1980's there were rules that made sure the bear got mandatory rest periods.
I was involved in Rachel Tobac's Non-Linear Paths to InfoSec talk at BSides San Francisco in February and I use it on my slide when I was telling my story.
CSS: That's awesome, and also glad the bear got a rest. Still the craziest thing I've heard in a while! Thank you Phillip you're a star!
PW: Thanks for the opportunity, Stu! I had some crazy things happen when I was younger. I was also shot when I was 15 years old.
CSS: Wait you were shot when 15, what happened?
PW: My history of being shot, wrestling, wrestling a bear and powerlifting has earned me the nickname the Chuck Norris of infosec.
My brother was playing with a gun and shot me. He did not know that it was loaded.
CSS: Damn!! That's gotta leave a mental scar, for like both of you!
PW: He was 11 years old and trying to impress a neighbor's kid. The bullet went in through my left arm, then into my side. It entered my lung and pumped out of my lung into my heart. From my heart it lodged into the bend of my left leg.
When the paramedics got me to the hospital, they took x-rays and saw the bullet was in my heart. They transferred me 36 miles from Denton, TX to Dallas, TX to Parkland Hospital the leading trauma center in the area and the same hospital that JFK was sent to.
When I got there they cracked my chest open and didn't see an entry wound on my heart. They took an x-ray and the bullet was no longer there. It pumped into my leg.
CSS: You're like a machine, gets shot, pro wrestler, bear wrestler, and infosec pro! So they got the bullet out I assume. How long did it take to recover?
PW: It's a miracle I lived to tell about it. The bullet is still there. I have an x-ray of it.
CSS: You're like proof of no matter what happens in your life - you can still achieve anything!!!!
PW: The summer before I got shot I started lifted and when I wasn't sure that I would survive, I was worried about my classmates beating my bench press. Years ago I did not think I had the intelligence or potential to do what I am now doing. Hopefully, it will encourage others.
CSS: Thank you for sharing, this story definitely will inspire loads of people.
There is so much inspiration from this story to summarise in a mere paragraph, I think as Phillip has proven, that no matter what happens in your life, you can still achieve your potential. Again getting involved in the community, going to meetups and networking is vital to making those important connections. Having hosted, and attended many meetups, I cannot stress the importance of this!
In summary, go wrestle a bear- which is now a metaphor for tackling those big fears and challenges in your life, because if you can do that, anything is possible!
The amazing image is called Arm Wrestling and is by Danilo De Donno go check them out!