I’m Jason Taylor, lead penetration tester at Raxis. I’m bringing my love of learning and my enthusiasm for enabling companies to improve their security posture to the team. If you team with Raxis for a penetration test, social engineering engagement, or a red team, we might get to work together!
Bonnie: You’re our first penetration tester in Kansas, and I know you’re a big part of building the cybersecurity community there.
Jason: I grew up in Fort Worth, TX but have been in Wichita, KS since 2006. While I have gotten used to small city living, I do still regularly drive up to Kansas City to visit Ikea or take occasional trips down to Texas for conferences or events.
I enjoy driving and will always drive if it’s an option. I’m on the tall side and don’t fit well in airplanes; I would happily drive for 11 hours instead of spending 2 hours in a plane.
Bonnie: As our vertically challenged team member, I don’t have that problem, but I can see why you feel that way. And you’ve had reasons to travel with family around the country, right?
Jason: Yes, I served a brief stint as a security guard at a casino in California for a year while visiting my grandmother before she passed. We then moved as a family out to Wichita where my mom’s sister was located.
Bonnie: And I know your family has been proud of all you’ve accomplished through the years.
Jason: I was the first person in my immediate family to go to college and got a degree in information security.
I worked through college building aircraft blower motors used in the ventilation system of planes. So, the next time a little cone blows semi-cool air onto your face, you might be able to thank me for that.
Bonnie: You actually started your IT path even before you graduated from college, right?
Jason: Shortly before graduating college, I got a job as a part time network administrator at a law firm. Since our department was only made up of two people, I was exposed to everything from ISP routers and Wi-Fi setup to installing software before deploying a new PC.
When I learned about Windows PowerShell, I dedicated time to learning it. I automated our new PC deployments and software installs. I automated every task that I could. I was then able to spend more time applying what I had learned to improve our security and workflows.
Bonnie: I see you caught on to what makes so many developers love the work… do it well, and you make things easier for everyone. And then you make the time to make other improvements!
Jason: Yes! I secured our exposed ethernet ports by putting them on a guest LAN; I secured our Wi-Fi by separating the guest and corporate WLAN, and I started adding detection software like Kismet to detect rogue access points.
I moved on to get a system administrator role in a bank, where I continued to bring automation and a focus on security to my job functions. I eventually moved into an information security analyst role at the bank and became a security engineer.
Bonnie: That’s a great path into cybersecurity. You taught yourself to build the tech and then moved on to protecting it. Tell me more about how you ended up moving into penetration testing.
Jason: I discovered HackTheBox and TryHackMe, two CTF/hacking learning platforms. I thoroughly enjoyed them and was having a lot of fun learning about exploits, vulnerabilities, etc. I especially loved the practical aspect of performing these attacks in a lab environment to learn more about them.
Initially my goal was to learn how attacks happen in order to strengthen my defensive skills, since I was working as a system administrator and my job was to build and maintain secure environments. I quickly started loving hacking more than I did learning about cloud infrastructure management and group policy migrations.
Around this time, I started noticing a lot of breaches were occurring all around the country. I received breach notifications from sources I follow every few months. That made me even more interested in delving into security.
Bonnie: But you didn’t stop there. You’ve earned a lot of security certifications as well, right?
Jason: In 2020 I made the commitment to myself that I was going to switch gears, and, instead of protecting my one little company, I wanted to help more than just one employer. My strong desire for efficiency kicked in, and I wanted a bigger impact for my efforts.
I studied for and obtained the Security+, then moved on to OSCP, more CompTIA certs, and eventually the PJPT and PNPT. Work paid for me to obtain my GCIH, which was a very fun cert.
Since I had been a system administrator for 10 years in the financial industry, I am very used to receiving annual penetration tests… and of being the guy that needs to resolve the issues found.
I had a lot of opinions about what pentesters provided and how they could have better presented information to help me, as a defender, to replicate and resolve their identified issues. This led me into loving the task of writing pentest reports.
Bonnie: Well, that is new! I don’t know any penetration testers who would volunteer for more reporting!
Jason: You found one! My favorite part of the OSCP, PJPT, and PNPT were the need to write an actual, functional penetration test report on my findings. I have since learned that I am a bit in the minority in that. I think it stems from my past as a system administrator and needing factual, actionable and reproducible information.
Bonnie: So, what do you like to do to unwind & have fun?
Jason: I have recently gotten really into small electronics. Like most people, I have a couple of Raspberry Pi’s sitting in a drawer doing nothing but collecting dust. In 2023 I volunteered for a local security conference (OzSecurity in Wichita), and one of my tasks was to assist with the electronic badges that we hired a company to build for us.
I had a lot of fun learning to program them to blink and even built a small text-based game inside of the badge. For 2024 we needed to build the badges ourselves, and I spent a few months learning PCB design and went through the whole process of knowing nothing to building a fully functional PCB badge with LEDs, Bluetooth, and Wi-Fi capabilities. This time I built an almost full featured text-based RPG in the badge for conference goers to enjoy.
Bonnie: Awesome! We show a photo of that badge you designed in your OzSec 2024 post last month for anyone interested.
Jason: I also recently got a 3D printer and have enjoyed the hobby of using it to print all sorts of things… especially printing toys for my two kids. They love it when I print ducks, keys, and other little knick-knacks. It’s also cheaper than commercial toys, if we ignore the $600 I spent on the printer….
Bonnie: That $600 is just the investment, and investing is good, right?!
Jason: Exactly! I love to learn new things. I have a fair number of certifications and plan to continue getting more. If I ever have a spare moment, I can usually be found watching some random educational/science YouTuber, learning about everything from how apples are harvested to how traffic lights work. I also have a fascination with vehicle recovery services, and shed moving/repo videos…
Bonnie: You love to learn, is what I’m hearing.
Jason: I also love helping others and teaching what I know. As a system admin at the bank, I would often run the Backdoors & Breaches Incident Response card games with both the security and system admin teams. I loved building realistic scenarios, and, with every single game, we came away with some weakness or gap identified that we could add to our list of things to improve upon.
Bonnie: I love that! And now we are excited to have you on the Raxis team where you can share your knowledge and help our customers build and improve their cybersecurity systems as well.
