ITSPmagazine Podcasts

Hands-On, Job-Ready: A Fresh Approach to Building the Next Generation of Pen Testers | A White Knight Labs Brand Story With John Stigerwalt And Greg Hatcher

Episode Summary

This Brand Story episode explores how practical, accessible training can bridge the gap for aspiring penetration testers facing high barriers to entry. White Knight Labs explains how their new ELPT program prepares trainees to handle real-world engagements, not just lab simulations.

Episode Notes

Getting a start in cybersecurity has never been easy — but for today’s aspiring pen testers, the entry barriers are even higher than they were a decade ago. In this conversation, Sean Martin and Marco Ciappelli sit down with Greg Hatcher and John Stigerwalt from White Knight Labs to unpack why they decided to flip the script on entry-level offensive security training.

Greg, a former Army Special Operations communicator, and John, who got his break as a self-taught hacker, agree that the traditional path — expensive certifications and theoretical labs — doesn’t reflect the reality of the work. That’s why White Knight Labs is launching the Entry Level Pen Tester (ELPT) program. The idea is straightforward: make high-quality, practical training accessible to anyone, anywhere.

Unlike other courses that focus purely on the technical side, the ELPT emphasizes the full skill set a junior pen tester needs. This means not just breaking into systems, but learning how to write clear reports, communicate effectively with clients, and operate as part of a real engagement team. John explains that even the best technical find is worthless if it’s not explained properly or delivered with clear guidance for fixing the issue.

Greg points out that the team culture at White Knight Labs borrows from his Special Forces days — small, specialized teams where each individual goes deep on a specific domain but works in tight coordination with others. Their goal for trainees mirrors this: to develop focused, practical skills while understanding how their piece fits into bigger, complex attack scenarios.

Affordability and global access are key parts of the mission. The team wants the ELPT to open doors for people who might not have thousands to spend on training. By combining hands-on labs, in-depth modules, real-world scenarios, and a tough final exam, they aim to ensure that passing the ELPT means you’re truly job-ready.

For anyone considering a start in offensive security, this episode is a glimpse into a program designed to create more than just hackers — it’s building adaptable, communicative professionals ready to hit the ground running.

Learn more about White Knight Labs: https://itspm.ag/white-knight-labs-vukr

Guests:

John Stigerwalt | Founder at White Knight Labs | Red Team Operations Leader | https://www.linkedin.com/in/john-stigerwalt-90a9b4110/

Greg Hatcher | Founder at White Knight Labs | SOF veteran | Red Team | https://www.linkedin.com/in/gregoryhatcher2/

______________________

Keywords: sean martin, marco ciappelli, greg hatcher, john stigerwalt, cybersecurity, pentesting, training, certification, whiteknightlabs, hacking, brand story, brand marketing, marketing podcast, brand story podcast

______________________

Resources

Visit the White Knight Labs Website to learn more: https://itspm.ag/white-knight-labs-vukr

Learn more and catch more stories from White Knight Labs on ITSPmagazine: https://www.itspmagazine.com/directory/white-knight-labs

Learn more about ITSPmagazine Brand Story Podcasts: https://www.itspmagazine.com/purchase-programs

Newsletter Archive: https://www.linkedin.com/newsletters/tune-into-the-latest-podcasts-7109347022809309184/

Business Newsletter Signup: https://www.itspmagazine.com/itspmagazine-business-updates-sign-up

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Episode Transcription

Hands-On, Job-Ready: A Fresh Approach to Building the Next Generation of Pen Testers | A White Knight Labs Brand Story With John Stigerwalt And Greg Hatcher
 

[00:00:00] Sean Martin: Marco, 
 

[00:00:02] Marco Ciappelli: Sean. 
 

[00:00:03] Sean Martin: do you remember that moment? 
 

[00:00:05] Marco Ciappelli: Oh yeah. I think about it all the time. 
 

[00:00:08] Sean Martin: It's top, top, top of mind for you 
 

[00:00:11] Marco Ciappelli: Yep. Can't stop. 
 

[00:00:12] Sean Martin: that entry level moment where you made your first step into the world of cybersecurity 
 

[00:00:17] Marco Ciappelli: Oh yeah,  
 

[00:00:18] Sean Martin: in the pharma, me dragging you in? 
 

[00:00:20] Marco Ciappelli: exactly that easy because every time I see you, I'm thinking about what have I done? I'm in cybersecurity now. 
 

[00:00:26] Sean Martin: That's right. What did I do to myself? 
 

[00:00:28] Marco Ciappelli: What did I do to myself? But you know, there are people that don't get dragged like me. They actually do want, they, they, and don't get me wrong, I love cybersecurity. I wouldn't be doing this  
 

[00:00:38] Sean Martin: And you found your, you found your place here  
 

[00:00:40] Marco Ciappelli: But, you know, there are some kids out there even right now that all they want, they want to get into, into cybersecurity. They want to, they want to do something good. They want to, they, they still, maybe the movie hacker. As well. And, and they, and they get inspired by that or they get inspired by a lot of amazing people in the [00:01:00] industry. 
 

We were actually talking about that before. I'm in Italy right now and there are a lot of cool hackers here. And uh, you know what? They're all over the world. 
 

[00:01:08] Greg Hatcher: Mm-hmm. 
 

[00:01:08] Marco Ciappelli: How do they start that? I don't know. I'm not one of 'em. 
 

[00:01:12] Sean Martin: That's right. Thank. Thankfully we have Greg and John 
 

[00:01:15] Marco Ciappelli: Oh, 
 

[00:01:16] Greg Hatcher: Yeah. So what is the backstory between you two? Like Sean, did you just call Marco and you're like, you're, you're gonna run this podcast on cybersecurity with me, or I. 
 

[00:01:24] Marco Ciappelli: He said, you, you are in cybersecurity now. 
 

[00:01:27] Sean Martin: right. Uh, 
 

[00:01:30] Marco Ciappelli: That's a story for another podcast. That's a story for another podcast. 
 

[00:01:34] Sean Martin: we can, it's a very short story. Basically, we met and, and I said, you're helping me with some stuff here, so there you go. We, I dragged him to RSA conference 
 

and that was, that was the end of it. 
 

[00:01:44] Marco Ciappelli: Yep. 
 

[00:01:44] Sean Martin: And, uh, yep. So. I mean, I, I personally started, uh, writing software and then securing software and then working for a security company, um, building security [00:02:00] products and, which is probably not what most folks do. 
 

I think, um, I did a lot of what you guys train on, but, uh, specifically for a company building stuff, not. Not companies trying to protect their stuff. 
 

Um, but, uh, I guess the, the point, the point Marco was making, and I think I'll, I'll jump on, is, um, with so much in the world of tech and so much in the world of business processes and so much in the world of, of. Trying to find your place in a, in a place, your place, in a place that, uh, can be mysterious at times when we look at cybersecurity, um, I think it's difficult for folks to find, find a way in much harder these days than perhaps, uh, 10, 15 years ago or more when I started. But, um, and I think that's where, where you two come together and, and help. Individuals and then ultimately organizations trying to find the [00:03:00] right folks to help them protect their businesses with, with getting the skills and the training they need to be successful and actually get good outcomes. And we're gonna talk a bit about that. But, um, first maybe for, for folks who didn't hear the, our last podcast, uh, Greg and John, maybe, uh, a few words from each of you about your role with White Knight Labs and then Greg, I'll come back to you, um, for, uh, an overview of. What, uh, your team does big picture wise. So I'll start with you, Greg. Go to John, your, your short version of your personal story and then, uh. 
 

[00:03:32] Greg Hatcher: Yeah. Um, I was born on a Tuesday in the year 1986. Uh. 
 

[00:03:38] Marco Ciappelli: I, I, I knew you were gonna go there. I 
 

[00:03:41] John Stigerwalt: you. 
 

[00:03:41] Marco Ciappelli: you were gonna go there. 
 

[00:03:43] Greg Hatcher: Yeah. Right. 
 

[00:03:44] Marco Ciappelli: Come on. 
 

[00:03:45] Greg Hatcher: Um, no. So really abbreviated my backstory. Army Special Operations. I was a Green Beret, uh, for seven years, four combat deployments in the Middle East. Got out in 2017. Went right into offensive cyber, worked at a couple [00:04:00] different shops. The, the first shop I worked at, I met John, who, he's on the podcast. 
 

He's now my business partner. We got to break a bunch of cool tech while working at that company. Um, around 2020, we both left that company and I went over to another boutique offensive shop. Um, I was mostly a defensive defense contractor, like being lent out to CISA as a, uh, like a red team lead, and then also teaching Windows, uh, at the NSA. 
 

So. Then a little bit after that, John called me, he's like, Hey, I'm sick of all these consultancies, like charging exorbitant day rates for like putting someone that has like, you know, like no experience on, on the keyboard, behind the scenes. So let's start a company and, and like kind of turn this paradigm on its head. 
 

So that's how WKL was born. 
 

[00:04:43] John Stigerwalt: Nice. Nice. That was good. I liked it. Just called you up one day. Hey, let's go be business partners. I love it. It's good stuff. Yeah. Alright guys. John here. So I have an interesting background, nice and short. Um, just a hacker started at 17. Just love breaking stuff. [00:05:00] Started, um, went to college, dropped out. Um, didn't really teach me about hacking, you know, I learned how to write a memo and how to create a, create a resume. 
 

So it was really good stuff. So I took that resume learning skills and I applied for an IT help desk position, and I got it. And that was the start of my career path. Started from the bottom of the barrel, started working up admin assist, admin, um, security lead, aso, all. Worked with the VA, did. I loved breaking and stuff, and you love the virtual barriers that you just get around and it was easy, really easy, especially back in like 2016, 17, 18, 19. The world was just like, turned along with pen testing, right? Things were like the wild, wild west, you know? I mean, we're still there, but it's a little bit better. 
 

So, met Greg at VDA, did a lot of cool jobs, for example, did, um, part of the gon project for Microsoft for [00:06:00] a whole year. Got to work with zero days Really cool on the Windows 10 operating system. So did a lot of really unique, um, jobs Left, went to Secure, ran the US Red team alongside with the EU. We tested two of the Fortune tens, um, 2019 and 20 and, um, was successful, so we basically said, you know what, we can do this better. 
 

And that was kind of the true birth of White Knight Labs. So called Greg up, got our first job, and I remember he still had his many, many years ago. 
 

[00:06:31] Greg Hatcher: True. 
 

[00:06:33] Marco Ciappelli: Do, do you, do you still have it? Greg? 
 

[00:06:35] Greg Hatcher: I don't, unfortunately, no. 
 

[00:06:39] Marco Ciappelli: You know what, here's what I wanna start with this. 'cause if, if people haven't figured it out, we're gonna talk about, you know, entry level pen testing and how you get in the industry and the program that you guys have. But looking back at both your story, is it different now the way. The, the, the, the, the new generation of hackers and pen [00:07:00] tester, they enter in the industry. 
 

I mean, it's not the eighties, it's not the nineties, it's not the 2000 either. I mean, we're, we're aging ourselves. But the difference maybe Greg, that you, you, you see in the new, the new folks coming in. 
 

[00:07:14] Greg Hatcher: Um, when, when John and I were getting into hacking, you could probably have one certification, um, not have a blog, not have private tooling developed, and you could probably get a job, um, at a, at a shop. Nowadays, when we're interviewing, we're looking for multiple advanced certifications. The person usually has a blog. 
 

They have their own GitHub for their private tooling. Um, the expectations have gone through the roof. So this is, this is just WKL and if you wanna work at a boutique offensive cybersecurity consultancy, so I recommend, um, you know, maybe starting on the blue team, like work in a SOC for a bit, watch what attacks actually look like, um, you know, so that you could write rules to stop those attacks or go work as a software developer or sysadmin. 
 

That way when you go to the offensive side, you're bringing all these other capabilities with you as opposed to [00:08:00] just saying, I have the OSCP. You would say, um, hey, I'm really good with native code, or I know .NET inside and out. I can write loaders like nobody's business. But, um, we're definitely looking for other things than just, uh, a single certification at this point. 
 

[00:08:14] Sean Martin: And so I think, uh, yeah, there's a lot of question around certification versus experience and, and, whether or not certification is gonna be experience driven or experience, uh, rooted, if you will. So what are your thoughts on, 'cause I, I think the other. Maybe the other thing from, I'll say back in the days, it, it, it, it seemed safer. I think there was always a risk of being. Doing something illegal, but it, it seems safer now. I think there are many more, there are many more eyes on things these days and poking around and playing around and looking at how things work and reverse engineering them and, and trying to break into things can [00:09:00] perhaps be not as, not as easy as it was in the past. 
 

What are, what are your thoughts on that? 
 

[00:09:04] Greg Hatcher: Yeah, the barrier to entry, especially with all the, the protections in, in the Windows 10 operating or the Windows 11 operating system and just EDR is getting better. Like these AI Next Gen tools, they're getting a lot better. So even what we're doing internal penetration tests that are just on the network at WKL. 
 

We have to bypass EDR a lot of the time. We have to find really like, kind of disingenuous Active Directory, uh, escalations. Um, yeah, it's definitely not press the one button like it used to be. It used to be like, you know, five years ago we would just be like, you know, enumerate GPP, get like a local admin password. 
 

It, it would be, it would be reused because no one has implemented LAPS and then you're off to the races. So we don't see that anymore. 
 

[00:09:48] Sean Martin: Yeah. And a lot of those easy first steps gave you the, the opportunity to explore, 
 

which, which I think is important. Um, so let's go kind of the big [00:10:00] picture of, uh. White Knight Labs and what, what your mission is as an organization. Um, big picture, I know you guys do a lot of, a lot of things, uh, from from pen test to training as well. 
 

So 
 

kind of what, what's the, what's the objective, what's the mission and vision there? 
 

[00:10:15] Greg Hatcher: Yeah. So the, the entire reason we started WKL in the first place is because there was a problem in the industry where. These boutique shops are paying or like charging their clients an arm and a leg and then putting someone that has no skills, um, behind the scenes on the keyboard. So we wanted to break that paradigm and charge like an average day rate, but then put an exceptional engineer on the keyboard. 
 

So we only hire the best, the best top 1% of engineers. Um, I would say senior and principal level. And the culture here is very similar to how it. Like an Army Special Forces ODA, operational detachment alpha, operates. Within that 12-person ODA, there's, there's teams within that 12-man team, right? 
 

There's the medics, there's the weapon specialists, there's the explosive specialists. So for [00:11:00] me, for instance, I was a communicator. 18 Echo means like communication sergeant, so NIPR, SIPR, routing, switching, handling, cryptography, all those things. That's what I did. Um, I went very deep in that lane. So when we went around to building out WKL, we're like, okay, the embedded team is going to do embedded work. 
 

They're not gonna be like the part-time network penetration tester. They're not gonna do like a little bit of AppSec over here. They're just gonna do embedded work and be really, really good at it. So when we're interviewing people, a red flag is that they have certifications that are all over the place. 
 

Like they do a little bit of embedded, then they have the OSWE, and then like, you know, maybe they have. Fill in the blank with whatever other certification and then their experiences all over the place too. So, um, at WKL, typically our engineers do one thing, so. 
 

[00:11:51] Sean Martin: What, what are your thoughts on, because I, I think Marco and I talk about this in the context of, of technology [00:12:00] and innovation and driving, driving business outcomes where it, one, one thing on its own, maybe super powerful, but it's the connection of multiple things that open up the real opportunity, real potential. 
 

So how do, how do you. As White Knight Labs, then bring the right people together to kinda look at that big picture. So 
 

marrying the expertise, deep expertise in one element or module, let's say, connected to many others in a full system that actually, um, if popped has 
 

all the, all the goodness. 
 

[00:12:34] Greg Hatcher: Yeah, that's, uh, quite serendipitous. I was just, uh, talking about this with a, a partner, um, earlier today. So for instance, say we're doing an engagement that starts from, um, an embedded device like, um, a pacemaker, for example, say that pacemaker talks over Bluetooth to a mobile application or a tablet. 
 

Um, I know that sounds really scary, but it does happen. And then that tablet then talks to a cloud backend to like shoot all the data from the actual [00:13:00] pacemaker. So you have the hardware and the firmware. Of the pacemaker, then you have, you have to attack that Bluetooth protocol. Then you have the mobile application, all the code that runs, that, all that dynamic testing has to happen. 
 

And then you have whatever connection that is to the, the cloud backend. So what we would do at WKL, it would, we would bring in multiple people for that engagement. We would have the embedded engineer for the firmware and the actual hardware, and then we'd have an AppSec person to handle. All of the, the mobile and secure code review for that. 
 

And then we would have one of our cloud experts like rag SLA or run parmar, uh, handling the cloud piece. So that way we, we, we have coverage on the engagement. We're going very deep on that in full tech stack. 
 

[00:13:41] Marco Ciappelli: It is very cool. John, I wanna, I wanna bring John back because. He, he's there. I I, I know you're there and we, we were both listening and it's great, but, you know, we need to, we need to make a room back into the game. Um, so you guys offer a lot of, uh, [00:14:00] training and, uh, but, but today we decided to talk about the entry level, um, pen tester. 
 

And I, I know you're very passionate about that, John, so I wanna know why we decided you decided. You and Greg to, to actually focus on that. Um, I know you, you love to talk about hands-on and not just theoretical and so even the first step for people to get a certification at an entry level, it seems to me maybe the first step it is the most important of all. 
 

So, um, wanna pick your 
 

[00:14:32] John Stigerwalt: I agree. Nope, that's good. Yeah, that's very good. We just actually just had a call with the team about this day and I had to give like a really passionate speech on like why we're even building this. So super cool. So I'll give the same speech here. You know, so we, we decided when we first started doing training, we. 
 

Building training for the expert or advanced level, which is true today. Most of our courses are all built around expert, advanced or inter intermediate hire, right? That that is our job. That what we've done, we've stuck through that. We have four courses today that are just advanced [00:15:00] level now. The goal was to build some courses that are more towards entry level, and that's kind of where the growth of the ELPT, which entry test, so build. 
 

The problem is I look at a, a consultant or an engineer on our team and sure, they all come in with OSEP, you know, Certified Red Team Operator or Certified Red Team Expert. You know, the AD courses, nothing, there's, they have to have, they have to spend thousands of dollars just to get to a junior pen tester level. 
 

And I think that's a little bit unfair, you know, and that's how it was for me as well of how. Together, but you know, the OSP and the o got my, got me my first job and I'll always be grateful to offensive security. But in my opinion, offensive security is slacking today. That's my, my absolute, that absolute truth. 
 

I think, you know, they're not hyper and that's what makes us a bit different. [00:16:00] My goal was to build a certification where I can have an entry level person come in, take my certification course, pass certification, and I would give them a junior pen tester job. That's my absolute goal. I want them to be so well-rounded that they know we're gonna cover report writing, communication with clients. 
 

We're everything from the intros to building your own attack box to external pen testing, to web application, you know, to the OSI, you know, model basics, networking, subnetting. I want them to know everything coming in. Everything a junior pen tester should know and they should be able to operate freely with my team, you know, be able to handle just the basic getting domain admin cracking, cracking passwords and hash. 
 

17, 1800 that just for 30 days. My cert, we marketed at $500 USD. I want my training available all across the world to anybody for a cheap, reasonable price. And they'll get more content than you would ever get with TCM, Offensive Security. It [00:17:00] doesn't matter any of the certs, 
 

[00:17:01] Greg Hatcher: So John, you're saying you're gonna follow the SANS model. 
 

[00:17:05] John Stigerwalt: No, no, no. Nope. We're not gonna be not gonna charge $8,000 for a certification. Oh, that's ridiculous. But the goal is though, is like to give them a massive load of content. Something that they can follow. They run their own labs. We're not hiding things secret here. You know, there's no lab extension. They pay for, they pay for their own labs. 
 

They can build it, run it through, and they, they all get one exam. We take. And there's a community behind them, a community of students that are already ready to ask questions, ready to take these certification exams. And we actually just talked about today, and we're gonna start putting in place, but we're gonna start offering, um, a minimum requirement. 
 

So if you live in a different country, or I would say a third world country, I'm not sure how to word it correctly, but we will offer a lower rate for the ELPT so others can take it, not just based on, but based. So there will be a, we're we're discussions on so basic [00:18:00] on. 
 

[00:18:01] Sean Martin: yeah, no, I love it. And, and entry level pricing, uh, is super helpful, right? To, to kind of remove that barrier for folks. Um, I. I wanna talk about if we need to, we can talk more about the pricing, but I wanna talk about the, the, the. The makeup of the program. 'cause he said the goal is that you hire 'em after, after they get the certification, or you, you could hire them, right. 
 

They, 
 

they'd be ready to take on a job. And he touched on one thing that stuck out to me, um, that I, and I think we touched on this in the last podcast as well. Um, they, they, the idea of report writing, 
 

right? It, it's not just finding the weakness and, and. Clapping your own hand, giving yourself a pat on the back and, and knowing that you accomplished that particular step. It's. Understanding what it is, why it is, where it is in the organization, why it matters to them. Writing that up in a way that [00:19:00] helps them determine how and if and when they should address it. Right? and, and. and. I suspect also being part of a, a bigger team, like Greg said, if there, there are multiple, multiple players looking at a, at a, an integrated system, their role within that team as well. So talk to me about how, how you accomplish that. What does the, what does the training look like? How do, how do, how do you set them up to actually do what they need to do so they can function, not just know stuff, but actually function 
 

[00:19:31] John Stigerwalt: No. Great. Great question. So actually one of our service engineers who also works on the training side, I'm names up today, is like, Hey, I've noticed everybody who comes into this. You know, and whether that's senior principal, someone lacks something and it's most likely client client communication or some kind of report writing or something. 
 

So no other certifications really covered that 100%. I know TCM does some stuff around that, but like I'm really looking to [00:20:00] drive deep into that. There We're going to. And as you guys know, and you guys have probably seen this, you all can do hack the box. You can do whatever you want, right? Sure. You can find vulnerabilities that's only 50% of the job. 
 

If you can't report those correctly to the client and give them the proper recommendations or remediations for those findings, it's worthless. You did nothing. Hack you hack something but you can't explain what you hack and you can't tell fix, you know? Hacking is only 50% of the job. You have to be client facing you. 
 

These crazy everybody. But part of the challenge is also learning how to report, how to identify findings. Run Nessus, run your Nmap scans. The certification will be based around an external pen test and also an internal pen test with a required report. At the end, we'll give them a template to follow off of. 
 

We'll teach them how to write critical findings with provided in and proof of screenshots. Write validation. I'm not gonna use CVSS 4.0. I think that's bias in my opinion. [00:21:00] We'll do something more custom. So I'll run the PTs model or something different. I'm not sure yet. Still debating on that one. So, but we're also gonna teach them how to communicate with clients daily touch points, you know, giving clients a professional update. 
 

I mean, we've seen this problem with our senior principal staff. They just don't give touchpoint or there's not a professional touchpoint. So also addressing that in this year as well. That's a huge gap across this industry. We're not touching points with clients and letting know what's going on, such as dumping the NTDS. 
 

We all know that dumping the NTDS could take down a DC but we still do it anyway. We don't even, we don't tell the clients. So that would be something we, we include in in the ELPT. I think it's a great, great idea that was brought up today. I was like, yes, I love. So I think that's phenomenal. We're gonna include all that into the certification. 
 

And the goal is, yes, I would hire a junior pen tester, but any of our competitors, it doesn't matter. Should after the certification, should be willing to at least interview these guys. That'd be the absolute goal. That'd be the end goal for me. Like we're not be proctored. The [00:22:00] exam will be hard, you know, it's gonna be difficult, you know, I'm not gonna make it worried. 
 

It just pass. And you goal. We high quality content training. 
 

[00:22:16] Greg Hatcher: And to be clear, being a junior at WKL is not like being a junior at another shop. We've got our, our interns are still running engagements by themselves. They're finding multiple escalation paths to domain admin and Yeah, they're, they're kind of freaks actually, 
 

[00:22:30] John Stigerwalt: You, you're right. Our junior, our junior pen testers are a different breed of people, but they, they were taught by us. They were taught a certain way to think, you know, and how I don't this run and how they should be run. We go for that gold standard. Right. And that's how our, our, our training is built as well. 
 

We wanna give the gold standard training. So 
 

[00:22:47] Marco Ciappelli: So you're, you're junior, is it already a junior plus, let's put it that way. 
 

[00:22:52] John Stigerwalt: yeah. Junior plus, 
 

[00:22:53] Marco Ciappelli: Yeah. No, I, 
 

[00:22:54] John Stigerwalt: eventually there'll be an. 
 

[00:22:56] Sean Martin: There you go.  
 

[00:22:57] Marco Ciappelli: I really, I really like the idea that, [00:23:00] yeah, being junior doesn't mean you're limited to do just one thing. It means you're junior, you're learning the basic for the business, and you're giving them the skills to grow on, right? 
 

Otherwise, you're making a half pen tester. If, if that person doesn't know how to deal with reports and explain what they find out, and, and then, then you can take the next. The next, uh, course or whatever it is. Uh, Greg, I, I, I, I'm, I'm thinking while I was hearing, uh, John, and I know you, you both have background in, in the military as well, but coming out from, from the military where you, you were doing a lot of different things. 
 

A lot of people think when you're in the military, you, you, you work in a, in a silo in a way. But actually there, there is a lot of communication going on to run, you know, that those big systems. What do you bring with you that maybe then you guys reapply in your, in the way you train people from what you've learned how to grow in while you were on the [00:24:00] field? 
 

[00:24:01] Greg Hatcher: So the number one role of a Green Beret, uh, when we're deployed is to be a force multiplier. So that means our number one thing that we're doing is teaching. 
 

So we deploy to Afghanistan, we're teaching the Afghan local police or the Afghan National Police. We deploy to Northern Iraq. We're teaching the Kurds. And when we're teaching them, it's typically rifle marksmanship, how to move as a team, um, how to stay alive while shooting accurately, communicating effectively. 
 

So, and then even zooming out a bit. To be a Green Beret. It takes a lot of training. It's, it's about a two year pipeline, a little bit longer for me 'cause I recycled small unit tactics due to falling asleep during part of the training. Thanks. Uh, yeah, thanks Army. Um, so it's, it's obviously like physically rigorous, but then you still have to go through SERE School, which stands for Survival, Evasion, Resistance, Escape, where you have to resist torture. 
 

You have to learn how to. Um, trap animals, bait animals, things like that. You go through MOS school. So I was an Echo. So learning how radios work, um, how to make, like, make [00:25:00] antennas out of like wire essentially. And then the final thing, um, the final training event is called Robin Sage, where we put it all together. 
 

So. When, when we went about to creating WKL's culture, it was like, okay, how do we create like the same culture of a military elite unit but be in the private sector and everyone actually enjoys working here, right? Like, um, 'cause we want people to actually enjoy working WKL. But, um, some of our principles, you know, speed, precision communication, um, John mentioned the daily update. 
 

That's something that's required out of all WKL's engineers. It's, you know, it typically goes to Janelle, our PM, and then she sends it in Slack. It's like, Hey, what, what did we do yesterday? What are we doing today? Are we on schedule roadblocks? Things like that. So. Um, I used to work for a general, general N Nevada. 
 

He firmly believed in over-communication as opposed to under-communication. Like, say it, then say it again, then say it a third time if you have to. [00:26:00] Um, yeah, but, uh, I think it's working out pretty well so far for the company. Um, we typically two-x or three-x every single year. 
 

[00:26:08] Marco Ciappelli: You teach them resisting torture? 
 

[00:26:11] Greg Hatcher: And then, like, you know, part of the onboarding is, um, you know, we take 'em to a swimming pool and we put cinder blocks tied to their feet and throw 'em in the deep end, and if they 
 

[00:26:20] John Stigerwalt: I also, so yeah, I'm big. 
 

[00:26:28] Greg Hatcher: Oh geez. 
 

[00:26:29] Sean Martin: Oh my. 
 

[00:26:30] Marco Ciappelli: Wow, you're really making a good advertisement here. 
 

[00:26:34] Sean Martin: One of. 
 

[00:26:35] Marco Ciappelli: Let's go back to the real world. Uh, John, anything that, I know you're proud of all of this, but anything you want to add to what Greg said in terms of, you know, I think it's hard to take all you have learned in a lifetime and put it in a few days of a course. How did you decide what to put in that course? [00:27:00] 
 

[00:27:00] John Stigerwalt: Honestly, I'll put too much in there, and then we'll review it, and then something will get ripped out, say no, this will go to the next one. So, um, we just keep adding it in there, you know, we'll just keep adding content and more content. But we have a plan, so. 
 

We have a limit, we're only gonna do so many modules. I think it's, say, 15 modules. I think we're at 12 or 13 right now. And when I say modules, those modules are broken up into separate labs, 15 different areas that we're gonna cover. Right. And that's the basics: building Linux, you know, your admin, you know, your AD environment. 
 

What does AD look like? Enumeration, finding AD and groups, and, you know, networking. 
 

Some of the cool things that other, you know, entry-level certifications don't cover, and we've seen with our junior guys or some of our interns, is, hey, we did include a cloud component in here. No one's touching on cloud. Why is no one touching on cloud? 'Cause everybody has 365. Everybody has Office 365. 
 

Why are we not touching on it? Same thing with [00:28:00] Azure. Everybody has Azure, you know. And then also, you know, doing some, you know, guidelines. Here's your tooling. Awesome. Great. Here's how to modify it, or just touch on it a little bit to maybe get around an EDR. Obviously we have an EDR course that we'll link to for these guys, which is more advanced, but we wanna touch on all these different topics. 
 

I mean, I'm maybe including a C2 in this course as well, just to give guys experience, because how many times have I gone to an interview: Hey, Strike? Yes, yes, I have. But I've been very fortunate. A lot of people haven't. Right. It's a first time. Most people are never gonna... and that's, that's the goal, right? 
 

[00:28:46] Sean Martin: Hmm. And you mentioned, and maybe both of you can comment on this, you mentioned kind of thinking a certain way as you approach this, and I'm thinking of an engagement [00:29:00] where it may not be critical time pressure, but certainly you don't want an engagement to run on forever. 
 

You have some SLAs. Um, you wanna be as efficient and proficient as possible in finding things and reporting against them. And that takes a certain mindset of how far do you go? How far do you take it? You talk about the dump and whether or not you disclose that and the impact it can have. Um, so how do you bring some of that together in the training? I'm assuming you do, to where you help them understand: here is your role, here's how far you take things, here's the mindset that you should have, again, on their own and as part of a bigger team. Um, so the, yeah. 
 

The question really is, how do you help shape that mindset? Because you also mentioned, Greg, the culture, right? Which drives a lot of that as well. What decisions do you make now that drive the next step and the next step that lead you to the [00:30:00] ultimate, um, end game with your engagement? 
 

[00:30:03] John Stigerwalt: Take the first stab at that? 
 

[00:30:04] Sean Martin: Okay.  
 

[00:30:05] Greg Hatcher: Yeah, go ahead. 
 

[00:30:06] John Stigerwalt: Yeah. So Greg's a big, you know, believer in this, as am I: when I talk to a client, um, and it's the same if I'm talking to an IT manager, how does the business operate? What really makes that business run? Where does the revenue come from, right? Is it your data? Are you selling something, e-commerce, blah. 
 

Right? Are you consulting like us? So how would I make that business no longer run and operate? And that's what I tell my pen testers. So getting domain admin, that's a secondary objective. Who cares? I want their data. I want that database. And we'll show that in the report during our attack path. 
 

That's what makes us different. We're not stopping at domain admin. Domain admin is never, never the end goal. We're stopping where the data lives. They're paying for a pen test. They're paying for what a real live attack looks like. Yeah, we're not being stealthy, sure, but we're gonna access contracts, [00:31:00] whatever it be, anything. 
 

Right? So we work with our clients and we tell our people that now. When it comes to the ELPT and some of the other advanced certifications, we'll relay that message inside that as well. We'll show some sample verbiage of what they would give to a client: Hey, here's domain admin. Now we want you to go to this database and show proof of this. 
 

Obviously, you'll redact that information. This is your stopping point, right? We'll make that as clear as we possibly can, but, as you guys know, every client is so different. I can only teach so much. Everybody's so diverse. So the stopping points will be different per engagement and per your rules of engagement. 
 

So we'll make sure that's outlined as well. But it's almost impossible to teach stopping points. It's just what feels right, you know, to a degree. Obviously, 'cause most of our rules of engagement today are no DDoSing, no downtime, no man-in-the-middle, or after hours with approval, et cetera, et cetera, right? Stuff along those lines. 
 

[00:31:54] Sean Martin: Greg. 
 

[00:31:54] Greg Hatcher: Yeah. And piggybacking on that, um, communication is really critical here as far as when to stop, [00:32:00] because obviously on every penetration test, if you're a white hat hacker, there's gonna be a time constraint, right? Whereas a black hat hacker can sit there and enumerate and be in the discovery phase for as long as they want to. 
 

You know, we have 5, 10, 15 days maybe if it's a really large internal network penetration test. Um, so on the web app side, if someone finds cross-site scripting, um, you know, I've worked at a couple shops where it's enough to just, like, pop a 1. Um, and that's like, oh, there, that's reflected cross-site scripting. 
 

At WKL we need to go much deeper. Like, we wanna steal cookies. Once we steal cookies, what else can we do? Um, we had a really interesting attack path that Ron Palmer pulled off recently where he coupled, um, SSRF and HTML injection together, and then he was able to create a new user in the client's AWS infrastructure, and we, like, stopped the engagement. 
 

We were talking to the client like, hey, this is what happened, this is what he did. By the way, do you want us to keep going and actually do an admin account takeover of your AWS [00:33:00] infrastructure through the web app? And they said yes, and he did it. So, wild attack path. He actually is giving a talk on that exact attack path at LeHack Paris, uh, later. 
 

I think that's this week or next week. So just keeping the client informed of everything that's going on, all high and critical vulnerabilities. Sometimes they're gonna want you to keep going with the attack path. Sometimes it's like, oh, nope, you've already shown that you can do it. Let's, uh, let's reel it in a little bit. 
 

Um, and, uh, that's harder for some engineers than others. Uh, you know, like, you get kind of bloodthirsty, right? You get a taste of the juice and you wanna keep going. So. 
 

[00:33:34] Sean Martin: Juice. Juice is good. Uh, John, can you tell me, uh, kind of the format of this course, this engagement? How much of it is content available to review? How much is it live? How much is it interactive? How much is, uh, lab? I don't know, kind of paint that picture for us. 
 

[00:33:57] John Stigerwalt: Yeah, sure. It's probably [00:34:00] gonna be 500 pages of gruesome content. No, with some screenshots. No, I'm just kidding. Yeah, so it's gonna be, um, you'll get a lab guide. It's not gonna be taught on PDF, I mean, sorry, it's not gonna be taught on PowerPoint, none of that stuff. You'll have individual videos, so videos of each lab walking through independently on how to do it. 
 

Very easy. You'll get a PDF lab guide that will be highly detailed and you should be able to walk through independently, um, from start to finish. Um, it'll take you starting out with building your own in AWS, so you'll need an AWS account. Um, you'll build that. Everything should be easily detailed. 
 

It's not like, hey, I'm gonna give you a small piece, go research on your own. Since it's an entry-level course, we're gonna give you as much as we can to get you off to the races. Right? Um, and that will be the format. Um, we'll have scripts. There will be a student portal. For this one, I'm pretty sure, since it will be entry level... we usually just give Terraform files and say, hey, 
 

go build this. But that's more the advanced [00:35:00] style. So I think we'll have a portal where students can kind of just click and plug and play, and then there will be an exam for this. When students are ready, they can schedule through our website and they'll be able to schedule their exam, and that's honestly automated. 
 

I've automated the entire exam part on our side, so if a student wants to cancel, there is no cancellation. I'm sorry. It's completely automated. I understand things come up, but once it's running, it's kicking. 
 

[00:35:26] Sean Martin: I love the beauty of automation. There we go. Um, so one thing I know I'm excited for, and we're gonna have to work out the timing for this, but you'll both be in Las Vegas for, uh, for DEF CON. Marco and I'll be there for Black Hat and we'll probably stay a little bit, uh, to connect at DEF CON as well. Um, so I'm hoping we get a chance to, uh, actually meet in person, not just on camera here like this. And I wanna give you both a chance to maybe make a call to action for folks who are [00:36:00] in town in Las Vegas that week, the first week of August, uh, exploring, uh, the world of hackerdom, if you will, and, uh, where they might perhaps find you. 
 

[00:36:12] Greg Hatcher: Yeah, sure. Uh, so I'll be there. John will be there. Shrag and Ronak Parmar from our cloud team will also be there. Um, Ronak and Shrag will probably be hanging out at the Cloud Village. You might see John and myself at the RTV, the Red Team Village, and just kind of bebopping around DEF CON. Uh, we're hosting the DEF CON RTV after party, but it's invite only. 
 

So if you're a cool kid, ask us for a ticket. 
 

[00:36:36] John Stigerwalt: Booth and 
 

[00:36:38] Greg Hatcher: Yep. 
 

[00:36:38] John Stigerwalt: we'll be swag in even though. 
 

[00:36:41] Marco Ciappelli: Nice. Whoops. We didn't hear that. We did not hear that. 
 

[00:36:49] Greg Hatcher: Yeah. Sean, Marco, you guys are definitely getting swag. If you want coffee, you're getting it. 
 

[00:36:53] John Stigerwalt: Yep, a hundred percent, man, it's gonna be good. So yeah, we'll be doing the Red Team Village and then we'll be, um, yeah, popping around. So if anyone wants to get lunch or [00:37:00] hang out, please let us know. Last year I was there and we did, like, a table of like 20, so it was a lot of fun. We had a whole bunch of people come in, so we'll buy you guys lunch. 
 

You know, we see a lot of students there as well. So please come say hi to us. You know, we love to talk to you guys. You know, any feedback, any issues you guys run into, please let us know. We're always open ears, 
 

[00:37:18] Greg Hatcher: Yep. 
 

[00:37:19] John Stigerwalt: we do listen. 
 

[00:37:20] Sean Martin: Great chance to see people in person and have that personal connection as well. We are humans, ultimately. Even 
 

[00:37:26] John Stigerwalt: I totally forgot. We're teaching three courses at 
 

[00:37:30] Greg Hatcher: We, we are. 
 

[00:37:31] John Stigerwalt: Oh. 
 

[00:37:32] Marco Ciappelli: oh, oh. 
 

[00:37:33] Greg Hatcher: After the conference ends. Um, so John and Jordan Jay, they're teaching the Advanced Red Team Operations Certification course. Um, me, Moff and Manny, one of our SkillBridge interns, we're teaching the ODPC course, which is all about loader development and bypassing EDR. And then Ronak and Shrag are teaching the ASCPC, which is the Attacking and Securing, uh, CI/CD Pipelines Certification course. 
 

So it's very DevSecOps focused, and there's tons of, like, [00:38:00] Kubernetes attacks in there as well. 
 

[00:38:02] Sean Martin: Cool. That's the one I'm going to. 
 

[00:38:05] Marco Ciappelli: There 
 

[00:38:05] John Stigerwalt: Heck yeah. 
 

[00:38:06] Sean Martin: Love, I love the AppSec. 
 

[00:38:07] Marco Ciappelli: You know Sean is gonna stay. 
 

[00:38:09] Sean Martin: I know. Now you've hooked me. 
 

All right. Um, so they can meet you there that week. They can pick one or more. I'm assuming they're running in parallel, so pick one of the three trainings that interest you most. Um, and in the meantime, uh, when and where can they get their hands on the ELPT, uh, training platform? 
 

[00:38:33] John Stigerwalt: November. November of 2025. 
 

[00:38:37] Sean Martin: 2025. All right. 
 

[00:38:38] John Stigerwalt: Yes, it might get released earlier, but right now we are still in the review process and still in dev. So November is the final release date for it. We just had the meeting today and set the timeline in stone. So it should be, um, it's gonna be a blast. It'll be awesome. So I'm hoping to see a mass series of people run into it. So 
 

[00:38:57] Marco Ciappelli: This is like the exams, man. You [00:39:00] gave the date. There's no going back. 
 

[00:39:02] Sean Martin: That's right.  
 

[00:39:03] Marco Ciappelli: stop  
 

[00:39:03] Sean Martin: It's automated.  
 

[00:39:04] Marco Ciappelli: stop it. 
 

[00:39:06] John Stigerwalt: Well, we've been pushing it back because we're pretty strict on our content, you know, very strict on our training and how we... so we give the best. So. 
 

[00:39:14] Marco Ciappelli: Of course. There you go. 
 

[00:39:19] Sean Martin: There you go.  
 

[00:39:20] Marco Ciappelli: Well, I always have so much fun and learn so much by spending some time with you, like 39 minutes. Uh, sometimes it's less, sometimes it's more, but always a great opportunity to spread the word of what you guys do. And, uh, honestly, I just enjoy chatting with you, and that's a big thing for when you do a podcast. 
 

[00:39:43] Sean Martin: Yeah. 
 

[00:39:43] John Stigerwalt: Yeah, same here. 
 

[00:39:44] Sean Martin: Absolutely appreciate you both and, uh, yeah, love the work you're doing, and yeah, hopefully you get more students and help educate the next generation and keep the current ones, uh, up to date as well. Current being current and relevant [00:40:00] is equally important. So thank you both and, uh, everybody listening to this episode. 
 

Uh, thanks for joining us for this Brand Story on ITSPmagazine. Connect with Greg and John directly. Connect with the White Knight Labs team, and, uh, we'll link to some resources so you can find them wherever they are and whatever they're up to. So, thanks everybody. See you on the next one. 
 

[00:40:24] Marco Ciappelli: Thank you guys.