ITSPmagazine Podcasts

From Red Teams to Real Impact: Bringing Artistry and Precision to Cybersecurity Programs | A Brand Story with Charles Henderson from Coalfire | An On Location RSAC Conference 2025 Brand Story

Episode Summary

Charles Henderson of Coalfire shares how cybersecurity programs can become more impactful by moving beyond tactical testing and toward coordinated, threat-driven operations that tell a complete story—from red teaming to executive reporting. He also reflects on the human side of the industry, from musical creativity to hacker culture, and why nurturing talent is key to long-term success.

Episode Notes

Charles Henderson, who leads the cybersecurity services division at Coalfire, shares how the company is reimagining offensive and defensive operations through a programmatic lens that prioritizes outcomes over checkboxes. His team, made up of practitioners with deep experience and creative drive, brings offensive testing and exposure management together with defensive services and managed offerings to address full-spectrum cybersecurity needs. The focus isn’t on commoditized services—it’s on what actually makes a difference.

At the heart of the conversation is the idea that cybersecurity is a team sport. Henderson draws parallels between the improvisation of music and the tactics of both attackers and defenders. Both require rhythm, creativity, and cohesion. The myth of the lone hero doesn’t hold up anymore—effective cybersecurity programs are driven by collaboration across specialties and by combining services in ways that amplify their value.

Coalfire’s evolution reflects this shift. It’s not just about running a penetration test or red team operation in isolation. It’s about integrating those efforts into a broader mission-focused program, tailored to real threats and measured against what matters most. Henderson emphasizes that CISOs are no longer content with piecemeal assessments; they’re seeking simplified, strategic programs with measurable outcomes.

The conversation also touches on the importance of storytelling in cybersecurity reporting. Henderson underscores the need for findings to be communicated in ways that resonate with technical teams, security leaders, and the board. It’s about enabling CISOs to own the narrative, armed with context, clarity, and confidence.

Henderson’s reflections on the early days of hacker culture—when gatherings like HoCon and early Def Cons were more about curiosity and camaraderie than business—bring a human dimension to the discussion. That same passion still fuels many practitioners today, and Coalfire is committed to nurturing it through talent development and internships, helping the next generation find their voice, their challenge, and yes, even their hacker handle.

This episode offers a look at how to build programs, teams, and mindsets that are ready to lead—not follow—on the cybersecurity front.

Learn more about Coalfire: https://itspm.ag/coalfire-yj4w

Note: This story contains promotional content.

Guest: 

Charles Henderson, Executive Vice President of Cyber Security Services, Coalfire | https://www.linkedin.com/in/angustx/

Resources

Learn more and catch more stories from Coalfire: https://www.itspmagazine.com/directory/coalfire

Learn more and catch more stories from RSA Conference 2025 coverage: https://www.itspmagazine.com/rsac25

______________________

Keywords:

charles henderson, sean martin, coalfire, red teaming, penetration testing, cybersecurity services, exposure management, ciso, threat intelligence, hacker culture, brand story, brand marketing, marketing podcast, brand story podcast


Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

[00:00:00] Sean Martin: And here we go. Just making sure you got out of the shot. You didn't want any surprise guests? We have. We have enough enough guests behind us here. Oh yeah, Charles. Hi. Good to see you man. Great to see you. To see you. I'm, uh, excited to be here in San Francisco, RSAC Conference 2025. We're having a good chat about Coalfire unless we can, we can sneak in some music, I think.
 

I think I have a way to do that, but um, yeah, because we both love to. Oh, yeah. It's amazing how many people play instruments in this school, you know? And there's a huge  
 

[00:00:32] Charles Henderson: crossover between music and math.  
 

[00:00:34] Sean Martin: Right, exactly. And,  
 

[00:00:35] Charles Henderson: and you know, you look at the, the number of people that have musical backgrounds in not only, uh, engineering, science and math and whatnot, but all specifically in cybersecurity. 
 

I, I think people with music degrees and I, they're, they're just also. Especially in our area of cybersecurity and offensive security and defensive security, you think of blue and red [00:01:00] team. It's a, it's, it's a lot less paint by numbers. Yes. And more true art form. How,  
 

[00:01:05] Sean Martin: how can I push? Yeah.  
 

[00:01:06] Charles Henderson: What does  
 

[00:01:07] Sean Martin: the pull come back sound like or feel like or whatever. 
 

Yeah. There's the, there's the math. I, I'll use the right code, which is a language. Mm-hmm. Right. And I feel creating music is also language hacking and then looking for a path is also. So a language that it's amazing the, the crossover and we'll have another chance to talk about music. So we're gonna first off you, your role at Coalfire.
 

Mm-hmm. And then, we'll, we're gonna take a, a few steps back in, into time and, and talk about some other stuff. But what are you up to at Coalfire now? What?
 

[00:01:36] Charles Henderson: So I run the cybersecurity services, uh, uh, division of Coalfire. And what you can think about it is, um, if you think about Coalfire's legacy and, and, and assessment and, and.
 

Uh, compliance. Um, they've also have a, a, a, you talking like  
 

[00:01:54] Sean Martin: HIPAA  
 

[00:01:54] Charles Henderson: and  
 

[00:01:54] Sean Martin: SOC 2
 

[00:01:55] Charles Henderson: and PCI, and know all the compliance efforts that, [00:02:00] that, that are very much alongside the cybersecurity efforts. They also have, you know, a, a rich history in offensive security and, and, you know, you can think about the, the much publicized, uh, incident they had in Colorado where, um, they had a little, uh, run in.
 

Uh, or with a tester who was detained, right. And all these things. Yes. Um, you know, they've been doing that for a while. I, I was really brought in about a year ago to, to really broaden that and take it to the, sort of the full line of elite cybersecurity services, right. And build up that practice. So you can think about not only the red side of the house with red teaming, penetration testing, you know, hardware testing, all, all, all the way down to, you know, assessment type work. 
 

Um, or no? What's that? You go down to the BIOS? Yeah, yeah, yeah. You, uh, um, as well looking at things like exposure management, all that sort of offensive side of the house, right? Yep. We wanted to make a defensive side of the house as well. We've, [00:03:00] we've done that. Uh, you know, we have. Grifter and, uh, yes, love Grifter.
 

He did, he, he, long time friend. He cannot love Grifter, but you know, he, he worked for me at the last shot too. And, you know, we've been great friends and it just works well. But, you know, we've got, you know, Bart and all these other guys that are really instrumental in that side of the industry, real thought leaders and, and bringing those two sides together along with the managed component over the top where we can, you know, look at things like exposure management and whatnot and bring it together and really.
 

Look at the entirety of a, a cybersecurity need for an organization. You know, we're, we're not trying to get in the commoditized services. We're trying to do the things that actually make a difference. Yeah.  
 

[00:03:43] Sean Martin: Well, as you're describing that, I was picturing a Stanley Cup hockey team with multiple lines that are just filled with amazing  
 

[00:03:50] Charles Henderson: talent. 
 

It is a team sport. Cybersecurity is absolutely a team sport. And you know, it, it's kind of funny because I think all too often it's really [00:04:00] easy and. Some of this is sort of the, in some ways, almost antisocial nature of many of us in cybersecurity, but there's this, there's this lone gun person feel to it. 
 

Like, Hey, I'm out there and I, I, you know, I'm, I'm John Wayne, or I'm, I'm, you know, pick your favorite, um, old Western character that rides into town on a horse and rides out at the end of the movie. Right? It's not that simple. It's, it's really coming together as a team and, and doing all of that. And, and, and, and, and working in concert. 
 

You know, it, it's the whole band, not just the guitar solo. Hey, there we go. Yeah, that was pretty good, wasn't it? You got it Again.  
 

[00:04:40] Sean Martin: So let, let's talk about this. You didn't say Lone Ranger, but I'm picturing the, the, the, the single person trying to be the hero. Not, it's not reality, but the uniqueness is reality. 
 

Absolutely. And, and I think this is where I want to take things back to like Def [00:05:00] Con. And one and two in the early days where it's a bunch of unique people with their own perspectives, their own agendas, their own desires, their own skill sets, but they come together at Def Con. Right. So take us back in time and look, let's look at kind of the early days of, of hackers, I guess. 
 

[00:05:19] Charles Henderson: Well, you know, you think back to those days and, and, and we got, we got together. You know, I, I think about like even HoCon, which no one even knows what that is now, but that was, that was probably bigger than Def Con back in the day. Um, and, and we would get together and, and, and there wasn't like multiple tracks.
 

It wasn't like, right. It wasn't like, uh, the, the huge event that it is now. It was, Hey, here are eight talks. We're gonna get together and watch today. And you know, after that we'll go out for beers. Right? Yeah. And it, it was like minded friends. It was a chance to be creative. And I think a lot of that was, there wasn't really an industry, right? 
 

I mean, I, at that point in time, I thought I was gonna grow up and be a lawyer. 'cause I was. I had two parents that were lawyers and that's just what [00:06:00] happened when you grew up, you know, and follow the path. Exactly. I still remember very early on in, in, in sort of in my college experience and everything, realizing, hey, there might be a career here. 
 

And, and people were starting to get jobs and like penetration testing and, and sort of picking, and in those days I think everyone was getting a job in penetration testing. Like the, the idea of a blue team wasn't there yet. Yeah. And you know, there were no SIEMs. No, no, no. It was, it was like, uh, you know, you like a bad AV, maybe a firewall or, I mean, we all self-identified as hackers.
 

So that was like the natural progression and, and, and you know, I got that first job and I thought it was so cool. 'cause now I'm getting paid to do the stuff that I love. Right. Um, like I probably would've done it for free. Right. You know, don't tell them that. Yeah. Uh, but, and, and, and to this day, you know, I, I, I, I tell my team, you know, you're paid to write reports; hacking you do [00:07:00] for free.
 

You know, that's the fun part. Um, but does it, is that feeling still there? I'm curious. Yeah. I, I still get excited. Yeah. But  
 

[00:07:08] Sean Martin: how about your team? Yeah. Is that same, same sense of  
 

[00:07:11] Charles Henderson: if you don't love what you do, it's, it's really hard to give the level of dedication that you need in cybersecurity. 'cause it really is a stacked deck, you know, so you, you need that love of the game.
 

And, and I tell people when they fall out of that love, it's time to look for a different area of cybersecurity to focus on. So, you know, you see a lot of penetration testers that may be moved to threat hunting, right? Or something like that. It doesn't mean you need to give up and go find a, you know, a, a new passion in life. 
 

Sometimes you can just, you know, kind of move a little bit, right. And. You know, I think about my own start, it was, it was always about finding the next challenge to keep yourself engaged because you owe it to your clients.  
 

[00:07:58] Sean Martin: You, were you [00:08:00] pen testing as a service or were you internal, internally hired to test inside  
 

[00:08:06] Charles Henderson: stuff or from the outside? 
 

So I ended up very early on doing Pentest as a service, and that was, it was probably the coolest thing ever because for me, it. It was more exciting because that meant that every couple of weeks it was a totally different challenge, right. And different, and it kept me, I think, engaged longer than a lot of the people that I started out with that maybe, and gave me a little bit more focus. 
 

And, um, and that's something that notoriously in the cybersecurity community focus is not easy to come by. Right. You know? Um, it, it set me up for success in a weird. Interesting.
 

[00:08:48] Sean Martin: So I want, I want to get into kind of the transformation of Coalfire, but I wanna stick with your transformation and maybe the, the evolution of the role of cybersecurity or the [00:09:00] people in cybersecurity things.
 

Things have changed. That's why I asked the question. Do, do you think that that feeling inside has remained? It sounds like it has, but the world has changed dramatically around us. It's cloud and I'm just, I'm mobile and cloud, and. Yeah. Now AI, so how, how do those changes affect the people looking at this world that we live in now?
 

[00:09:23] Charles Henderson: Well, I mean, you think about threat actors in the nineties and like, you know, people say, well, you know, your who, who, who are you worried about? And in the early nineties it was a disgruntled 13-year-old in their parents' basement, you know, and that that was a legitimate, sorry, I guess it still is, but probably. 
 

The, the bigger concern is, I mean, it's a much more organized threat actor. It's, it's, you know, organized crime, nation state, all these things. And, and I, I think about the evolution of the defenses of whether those be offensive or defensive security, all these things, as they start moving forward, [00:10:00] they, they, they were driven by that threat act, right? 
 

So. You know, one of the things I, I strive for with my teams and you know, I really impress upon them, the importance of this is we need to be threat focused. We need to be threat centric. And if you look at evolution of the industry, you're really following that threat actor path, you know? Um, but in a way you're following it from the front.
 

Is that, is it easy  
 

[00:10:27] Sean Martin: to do following that down?  
 

[00:10:29] Charles Henderson: Well, if you follow from the front, it is okay if you get, if you get behind. Okay. That's the problem. And so it's the anticipation of what's next. It's staying with research. And so part of that is selling your organization on, Hey, it's not enough to catch up. 
 

We need, we need to be at the forefront. We need to think about what's next. We need to really be engaged in research. And that's, by the way, another wonderful path to stay engaged as a practitioner is saying, Hey, hey, get engaged in research. Yeah. [00:11:00]  
 

[00:11:00] Sean Martin: Okay. So I'm, I'm gonna. I take a wild guess that that's probably linked to some of the evolution we've seen in, in Coalfire.
 

Obviously bringing you on a year, year ago to kind of build out the thing. But how has Coalfire services transformed over the past years as well?
 

[00:11:18] Charles Henderson: You know, we've really tried to uplevel and become more programmatic in the way we think about things. Meaning,  
 

[00:11:24] Sean Martin: um, you know, how's that relate that to a CISO listening, what does that mean for them?
 

[00:11:30] Charles Henderson: So, you know. Buying a test or engaging in a test is, um, that gets you a great outcome, but it's a one-to-one relationship, right? If, if you start looking at it as a testing program or a threat hunting program or a mission, that's when you're successful. We're threat actors today are so much more complicated than they were, you know, uh, uh, even five years. 
 

Okay. That, [00:12:00] and they've really gotten to the point where they have efficiencies of scale, division of labor, um, you know, all these things such that, um, if you're just doing a one-to-one relationship, you're, you're already behind. I mean, you're, you're setting yourself up for failure. So when you look at auto from a top down, and we take all of these, what were disparate services as recently, and, and the not too distant past, at least. 
 

And, and, and, and make them work together so that you start to get a multiple of impact from them so that you're threat hunting and your red teaming, purple teaming, whatever, and you are, uh, testing, they all come together to, to, to affect an overarching security program. Right, right. And, and that also means that, you know, we, we talked about the antisocial nature of security. 
 

You can't be antisocial and win because you know, you got a lot of teams here and, [00:13:00] and we saw it. You know, you think about the way the threat actors, uh, access brokers as an example, right? Where, where, where you went from someone who start to finish it was the same criminal organization. Now you see criminal organizations maybe, uh, selling access to another criminal organization.
 

You see specialization, you see division of labor, people working together. And if we on the other side of the fence are not working together, we're, we're setting ourselves up for failure. So
 

[00:13:30] Sean Martin: clearly you said, gotta be ahead of the game, so you and the Coalfire team are working hard on that. Stay ahead of the threat actor, but also staying ahead of the changes in the business, I presume as well.
 

How do you see teams inside the organization, security leaders in particular viewing? The current state of their program, current state of the threat, current state of the risk, their business faces. Are there signs that they're seeing that say, we, we [00:14:00] can't do this ourselves. We need, we need teams that have, have this insight and the view to things that we can't see and we don't, we're not staffed as same. 
 

[00:14:09] Charles Henderson: I think almost universally we see that, but the difference is you see some that maybe feel a little bit overwhelmed and. Others that have sort of that trusted outlook. Right? Um, and, and, and there are a lot of ways that they tackle it. Some will try and piece together their own solution. Some are looking for a turnkey. 
 

I want offer one house. What's important though, if you're in that role is whether you are making a programmatic or your vendor is making that programmatic, it's gotta be programmatic. And you know, I, I think you, you are less and less seen. Uh, security owners are saying, I'm gonna just take 11 billion vendors and, and, and put it together.
 

They're looking for a level of simplification. Right. And, and that's important because, you know,  
 

[00:14:59] Sean Martin: even [00:15:00] the security tooling it can Yeah. Can expose Yeah. Excuse. So when you recognize Yeah. Um, the eye, eye contact, it's inevitable.  
 

[00:15:08] Charles Henderson: The, uh, if, if you think about like if you bought a car in, in parts. That would be great for a real automotive enthusiast, I guess. 
 

Right. But for your average driver, it would be way too complicated and it would probably, it result in an unsafe field. Yeah. So sometimes it's, it's about picking the right way to make it programmatic, picking the right cohesive manner to put that car together, um, and, and making it work. And it's also about. 
 

What does good look like? How do I score that things are doing well? How do I even know? Because really if you're cybersecurity program, a lot of, yeah.  
 

[00:15:49] Sean Martin: Great.  
 

[00:15:50] Charles Henderson: How many did I have? Right? How many did you not find? Yeah. I found 50% of my bonds. No one knows that. Right. Um, how do you, what [00:16:00] does good look like? 
 

Because really what you're kind of pushing towards in security is the absence of something bad. Right? You know, the CISO's best day is when they go to sleep. At a reasonable hour. What, how do you, how do you know that things are going well versus, um, things are going poorly? And you know, part of that is giving that to vendors like Coalfire where we're saying, Hey, this is how you know things are going well.
 

And, and, and we're doing the, you know, both with our own offerings, but we also work with partners. We okay, we, we work with sort of the, the best of breed of the industry when we see something helpful. We, we, we wanna partner. And I don't, I don't mean integration there, like, uh, people in, in business, they confuse partnership and integration. 
 

More data and intelligence. Yeah. I mean, true partners that, that work together. Great context. And, you know, to the degree we can do that with our own threat intelligence, with, with our partners insights and start to give like measurable success criteria [00:17:00] to, uh, to these, you know, owners of these missions that, that are entrusting us with the activity. 
 

[00:17:09] Sean Martin: I like it. What does good look like? How do we get there? The, the thing I'm thinking about now is, I mean, very technical. The work that you're doing and you're working, I presume, with very technical people and IT and security and operations around that. Then there's the CISO that has to communicate the result of this stuff. 
 

Mm-hmm. So you said you can, you can hack for free or hack, yeah. You're hacking for free. You pay to write, report, pay to write the report. To me, that report has to be actionable for the tech team, has to be actionable for the security leader, has to be actionable for the executive leadership team and the board to know we're on the right path is that people are asking what they're all says, what does, what is good and are we good? 
 

And if not, how do we get to good? And it's a, it's [00:18:00] a multi-layered response there. Right. So what do you, how do you, how do you help the executive team kind of get that answer.
 

[00:18:06] Charles Henderson: A lot of times it's providing threat context. You know, this threat actor group is using this TTP, you know, right. Providing that level of detail, but it's also storytelling and enabling the storyteller.
 

Uh, you know, the ancient people would gather around a campfire and tell stories, and those stories would be passed down. They, and maybe they'd change a little bit. Well, it kind of human nature, we wanna make sure that. Our CISO is enabled to tell the story so that it has high fidelity and doesn't change. 
 

We, we want them to be able to speak just as if they're the one that found it not, not in some sort of misleading context where they take credit for it, but in the context of they need to speak a tote, and that means that we've gotta communicate so well with the team that they're comfortable moving forward with that. 
 

And some of that is education, but a lot of it is just. [00:19:00] You know, making sure that the human factor is there. That, that we're not all ones and zeros, right? And that we're, we're really putting people in, in place for success rather than just putting a process in place. And,  
 

[00:19:14] Sean Martin: and maybe to that point, as we begin to wrap, then I'll ask you one more question about stuff you're talking about and seeing here, just the, the approach organizations take when they think about doing a pen test. 
 

Or, or the red, red, blue, purple, teaming exercise. You mentioned the human element, but I mean, back in the day was, we're gonna give you access to this. Don't, don't look at this. Mm-hmm. Give us the results in a PDF, that's, that's what you provide, and then we'll go figure it out. How, how important is the bigger picture now?
 

Are the organizations actually approaching it that way, or are they still approaching it from the, you know, we're, we're gonna send you off and you come back and we'll figure out. What's next?  
 

[00:19:58] Charles Henderson: Most organizations today understand [00:20:00] the value in not obscuring their findings, but they wanna find it as much as possible. 
 

Right. And, and you know, part of that is setting the expectation up front. You know, uh, any Fortune 2000 firm is generally gonna understand that a finding is good. 'cause there's a couple ways you can find a finding. One is a pen test report or a red team, or, you know, you find a gap in detection from your red team.
 

Great. Some people look at that as a negative. I say that. Right, given the alternative of finding it through a forensics, you're, you're free, your free bug bounty program, or, or, you know, the worst scenario is that, you know, you call somebody's 24 hour, 24 by seven incident response hotline, or you call and they find a vulnerability or, or law enforcement contact you, you, that is, there are many ways to find a vulnerability and finding one proactively is unbelievable. 
 

And it should be, it should be a parade. And if you can get into that mindset, you're gonna be more successful in [00:21:00] security. You know, I can give one piece of advice to anyone. Okay. It's celebrate the, the painless finding of fault. Yes. Because if it's painless, that's a success. That is success. And so if you get in that mindset, then you start to win at security. 
 

And so I find that most organizations get in that mindset pretty quickly, or they're already there today. Okay. But what I would say is that, you know, some folks that may not be as well versed in security may need a little bit of handholding to get there. Right. And that's not necessarily a bad thing. Um, we need, we have to recognize it and actually embrace that reality.
 

Yeah, absolutely. I mean, and you know, honestly, that's, that's that human element. It, it's really easy to take a flaw out of context and say. Oh, this is bad. But if you start looking at, hey, this is a flaw, this threat actor group is using, [00:22:00] you know, you can get to the point where you're saying, because this threat actor group isn't the first to exploit it. 
 

We won. Yeah. So  
 

[00:22:12] Sean Martin: I would even on time here, we have a few minutes I want to ask you. I'm gonna go back a little bit, have a reason for this. Your handle.  
 

[00:22:20] Charles Henderson: Mm-hmm. Angus?  
 

[00:22:21] Sean Martin: Yes. Angus. Tell, tell us that story. This isn't, this is an interesting part, but not the main thing. Tell a story about Angus.  
 

[00:22:27] Charles Henderson: You know, here, here's the thing. 
 

If you look at somebody's handle, it's, it's, it's essentially a look back into their, well, at least for the, for the old school folks, it was, you know, a look into the 13-year-old self of, you know, in so many years ago. Now it's a couple years back. Yeah, a couple years back. I'm wiser now. Um. And it turns out that at the time when I chose my handle, I was a huge AC/DC fan.
 

I still listen to AC/DC. I, uh, I'm not a total [00:23:00] disappointment to my childhood self, but I was really into AC/DC. I thought it was, you know, my generation's Beatles. I know that. Yeah. It was, it was very good. It was good. And I mean, hey, Angus Young is still doing back spins on the computer. He's got the energy going.
 

I, I thought Angus Young, the lead guitarist, bass, you see was a cool singer. I play guitar. And then it goes back to that, that, yes, that musical background and, and, and three chord songs are pretty easy to play, right? It's always that. Yeah. And so, um, it turns out that, you know, that's sort of a view into my, my background. 
 

You know, Grifter tells the story that, you know, he is, uh, saw the word in the dictionary and he is like, that's me. So that's how you got into handle. But you, you look back at that, that that sort of childhood naming convention and you know, we, when we get interns, we, and they don't have handles, we often encourage them to take one out. [00:24:00]
 

I think it's a real rite of passage that I, I wish was still more prevalent in the security community. Yeah.  
 

[00:24:06] Sean Martin: I'm so glad you mentioned intern. 'cause that's exactly where I was gonna go with this. The building a team. Mm-hmm. And keeping the skills. Keeping the energy, keeping the love and the passion for it. 
 

Keeping the, keeping the rocking going. Yeah. Um, we often hear there's a skills gap, and so how, how do this qualify our approach that, 'cause that's, that's really your, I think obviously you have tools and services, uh, technology to help. How do you keep the team fresh?  
 

[00:24:35] Charles Henderson: So, you know, it, it's a blend. A lot of it is going out and obviously I have a big Rolodex of people I know through the industry through. 
 

My work at the Black Hat conference to uh, um, uh, just my industry connections, people I've worked with previously. Um, so I'm lucky enough to attract a lot of top tier talent to the team, so I have kind of an unfair advantage. [00:25:00] Right. That's good. That, that's, I, I I don't shun it. I, I, I, but I, I love having, I, I, I'm lucky enough to have people that wanna work with me, so that, that's great.
 

But I, we also even. Dating back to my previous stints, um, have always placed a real emphasis on talent development. Bringing out, you know, I, I think about, uh, uh, CPTC, um, which, uh, for those that don't know, it's a, it's a collegiate program where they have basically penetration testing competitions. Um, it's great.
 

I encourage everyone to look it up. Um, if they have a donate function, because I think it's not non-for-profit, I would highly suggest donate. I, I'm a big believer in giving back to that. Looking at how we develop talent, but also taking some of that talent, that raw talent, and start starting to develop career progression. 
 

Thinking back to my own start getting that, that, that resource and saying, Hey, you're excited by it. You're enough so that you're participating in these competitions. [00:26:00] Why don't you come and, and, and let's start to develop that. And that, honestly, that's the coolest thing ever. Yeah. I, I, I love running the former interns that, that maybe, maybe are replying back to come with. 
 

Uh, work for me or even just, you know, walking around the show and having somebody come up to me and say, Hey, you know, I haven't seen you. I'm, I'm over here now and learning that life story. That's cool. And so, and so, I invite others to do what they can to help develop some of this collegiate talent because it's really, that's a really tough thing to teach in school. 
 

You know, you can, you can do, uh, you know, the, the, the penetration testing competitions and whatnot, but really teaching in a classroom environment doesn't do it justice. Yeah, I agree.  
 

[00:26:43] Sean Martin: Yeah. And, and many of us, um, I didn't, I wasn't in the hacker path. I was in the engineering path, but many of us were given a chance. 
 

We weren't handed anything. We worked hard, but we were given a chance. And I think if we keep that same and give back and give others a chance, I think we're, we're a good shape. [00:27:00] I,  
 

[00:27:00] Charles Henderson: I believe it. You know, the, it's really easy to take the gifts you've been given over life and say. Wow. I'm lucky. And just move on. 
 

Yep. Um, the hard part is saying I need to return this favor and, you know, I, but it's so rewarding that it's an  
 

[00:27:22] Sean Martin: amazing thing. It's, it's, Charles, pleasure chatting with you. Anything we didn't talk about yet? Not that I can think of, but, you know, other
 

[00:27:30] Charles Henderson: than, uh, uh, enjoy the show and, uh, I, I look forward to Black Hat this year in the summer, so my hat's gonna
 

[00:27:37] Sean Martin: be good. 
 

Hope to see out there. He certainly will, certainly will. And uh, yeah, I'm looking forward to seeing Grifter as well. And, um, great work with the Coalfire team. Hey, and, uh, keep up, keep up the good work and hopefully we'll, we'll have a chance to chat at Black Hat. Absolutely. Look forward to it. And when off camera, we're gonna keep talking music talk.
 

Gibson Gibson, uh, Les Paul stories [00:28:00] everybody. Thanks for, uh, joining us here. Hope you join the conversation, connect with Charles. Connect with the Coalfire team. Uh. Are you doing your pen testing pragmatically or, uh, tactically? Maybe want to think about that a bit more? Thanks, everybody. Stay tuned at itspmagazine.com/rsac25. See you soon.