I’m Ryan Chaplin, lead penetration tester at Raxis. If you team with Raxis for a penetration test, social engineering engagement, or a red team, we might get to work together!
Bonnie: Tell me a little about your background?
Ryan: When I was a kid, at about 9 or 10 years old, I started building my own computers. By junior high I was in advanced placement software development courses through Indiana University Southeast.
This continued through college where I took computer science courses. However, due to the job market, after the 2008 crash, I ended up working in marketing right out of college. I read Automate the Boring Stuff with Python, which was absolutely pivotal because it allowed me to automate 80-90% of my job and focus on skills I wanted to improve. Realistically it means I ended up doing everything but marketing.
Bonnie: So how did you get into Penetration Testing?
Ryan: Several years ago the company I was working at was hacked and was actively serving our customers malware. Our main developer locally was on maternity leave, and our offshore devs were all on holiday. I ended up being the main technical resource who was available and familiar with our website, so I was thrown into the fire for my start.
At the time I helped develop and deploy a patch. Then, in the medium and long term, we came up with mitigation strategies, but, really for me, that started my passion to learn more through platforms like HackTheBox and OffSec.
Bonnie: What a way to start your journey into cybersecurity! Did you just manage to find those platforms and come up with mitigations on your own?
Ryan: Definitely not! One of my closest friends from undergrad introduced me to the community, and I do believe the cybersecurity industry is much more of a community than most industries. We are all learning and building each other up together. The emphasis in the cybersecurity community about giving back is one of my favorite things about this industry.
Bonnie: So community is really important to you?
Ryan: Absolutely! I’m from a very small town of only about 1,500 people. Everyone knows everyone, and, even though I now live outside of a major city, the lessons I learned in that small town about the importance of sticking together have stayed with me.
Bonnie: Wow that is a small community! Anything more you can tell me about that kind of community?
Ryan: When I was growing up there, no one really had much of anything, so we focused on the good times we could have together. I wouldn’t be where I am today without such a great family and community standing behind me. I still visit several times a year.
Besides that there are all kinds of fun stories that would take up way too much time. Some other time you will have to remind me to tell you about how we used to take jon boats up the highway when it flooded or stories about Larry Bird – you know he was originally from my hometown – if you are into the NBA or basketball.
Bonnie: Wait, you are from a town of 1,500 people, and one of them was Larry Bird?
Ryan: Hahaha! Yeah, I guess it’s a pretty atypical town. It’s Indiana so we already have a much higher percentage of people who are into basketball, but I would say my hometown takes it to another level in terms of enthusiasm.
Bonnie: So I’m assuming that is probably one of your hobbies? Do you have any others?
Ryan: Playing and watching basketball are two of my hobbies, but, honestly, I have a lot of hobbies. I’ve also consistently been into running and lifting weights for a very long time. Now that I think of it, my first experience “hacking” really was installing a chip in my PlayStation so I could play homebrew and modified games. So video games have always been around in my life too.
Otherwise, I really enjoy a challenge and learning new things. During COVID that meant mastering my sourdough technique. Lately I have been playing piano for a new challenge. Lastly, of course, I’m into computers. The challenges I’ve been looking into recently, when it comes to computers, are working with and understanding low-level code, like assembly, better.
Bonnie: I could see that being useful for your cybersecurity career as well. What are your plans with your career?
Ryan: Yeah, I really think becoming better acquainted with low-level concepts will help me to succeed when I take the OSED in the next year or two. I’d love to eventually get my OSCE3 and a CISSP as well.
Right now, though, I’m just excited to be joining a team like Raxis. This is a goal I’ve worked towards for over six years, grinding through become a top ranked hacker on HackTheBox, getting my OSCP, and watching countless hours of DefCon and Black Hat talks. There really couldn’t be a better company for it to happen at either. Not only does Raxis have amazing clients and great relationships in the security community, but I’ve also been impressed with each person I’ve worked with so far.
Bonnie: Thanks for the kind words! We are looking forward to having you on the team full time!