Modern Wisdom

What Is An Ethical Hacker? | Thomas Johnson | Modern Wisdom Podcast 105

Thomas Johnson is an ethical hacker and social engineer. Hacking is often thought of as a dark art. Dark basements and illegal activities. But there's an entire other world of hackers who are using their skills to subvert security systems both online and offline for good.

Expect to learn just how Tom hacks both people and computers to break into secure buildings, how safe your information is online, what tools Tom uses to bypass the systems that are meant to keep him out and his best advice for staying secure online. Also get ready for him to hack into a university's CCTV system only using Google while we are recording.

Extra Stuff:

Check out everything I recommend from books to products and help support the podcast at no extra cost to you by shopping through this link - https://www.amazon.co.uk/shop/modernwisdom

Listen to all episodes online. Search "Modern Wisdom" on any Podcast App or click here:
iTunes: https://apple.co/2MNqIgw
Spotify: https://spoti.fi/2LSimPn
Stitcher: https://www.stitcher.com/podcast/modern-wisdom

Get in touch in the comments below or head to...
Instagram: https://www.instagram.com/chriswillx
Twitter: https://www.twitter.com/chriswillx
Email: modernwisdompodcast@gmail.com

Guest: Thomas (Tom) Johnson
Host: Chris Williamson
Sep 23, 2019 | 1h 4m

CHAPTERS

  1. 0:00 – 1:27

    Data is the new oil: why cyber conflict is the future of war

    Tom frames modern hacking in geopolitical terms: data has become a strategic resource more valuable than oil. Because cyber capabilities are relatively cheap compared to traditional military assets, information warfare is positioned as the next dominant battleground.

  2. 1:27 – 2:31

    Defining social engineering: hacking the human, not the machine

    Tom explains social engineering as manipulating human psychology to elicit secrets or actions a person shouldn’t take. Even expensive technical defenses can be bypassed if someone is tricked into handing over access.

  3. 2:31 – 3:20

    Your best defense: pattern recognition and the ‘gut feeling’ signal

    Rather than portraying people as purely weak links, Tom argues humans can be strong detectors of suspicious patterns. He describes ‘gut feeling’ as subconscious pattern recognition that can interrupt manipulation attempts.

  4. 3:20 – 6:01

    Origin story: early hacking, mischief, and the internet as a playground

    Tom recounts how being pulled from school led to heavy computer use, game copying, and deeper curiosity about how systems work. With early internet access and little ethical guidance, curiosity escalated into risky experimentation.

  5. 6:01 – 7:05

    Getting caught (sort of): the ‘police arrest’ that was a social engineering lesson

    Tom describes being ‘arrested’ as a teenager and threatened with extreme consequences—only to learn decades later it was staged by his mother’s police friends to scare him straight. The incident became his first vivid demonstration of social engineering’s power.

  6. 7:05 – 8:45

    From black-hat impulses to white-hat career: university, ethics, and credentials

    After stepping away from computers and experiencing business failure, Tom chose cybersecurity as a legitimate path. He ‘blagged’ his way into university, excelled academically, and reframed himself explicitly as a white-hat operating within the law.

  7. 8:45 – 10:24

    Offline social engineering in action: cloning university smart cards

    Tom shares an early ethical hack where he reverse-engineered a university smart card system, built a cloner, and used disguise to skim staff cards. The result demonstrated how physical access and human trust can defeat institutional controls.

  8. 10:24 – 13:13

    Recognition and escalation: speaking to law enforcement and the Home Office/FBI connection

    A talk about his work led to invitations at high-level cybersecurity and forensics events. Tom describes presenting to hundreds of top professionals and receiving notable recognition, symbolizing his shift from teenage hacking to working alongside institutions.

  9. 13:13 – 15:00

    Building the technical toolkit: OSCP, Kali Linux, and the social vs technical skill gap

    Tom explains his focus on OSCP and why it’s globally respected, grounding his work in penetration testing methodology. He also contrasts the abundance of technical hackers with the relative scarcity of strong social engineers who can persuade in person.

  10. 15:00 – 16:54

    Inside a real corporate test: reconnaissance, pretexts, and rapid physical compromise

    Tom walks through an unnamed company engagement where he researched staff, built profiles, tested multiple pretexts, and used a fabricated project meeting to gain trust. With cloned access, he entered secure areas quickly and remained for hours largely unquestioned.

  11. 16:54 – 18:54

    Hacker gadgets explained: Rubber Ducky, Bash Bunny, and stealth payload delivery

    Tom explains popular physical attack tools that masquerade as benign USB devices. These devices emulate trusted peripherals to execute scripted actions at high speed, enabling local compromise even when users believe they’re protected.

  12. 18:54 – 27:24

    From covert cameras to software-defined radio: the expanded attack surface (including cars)

    The conversation broadens to small computers, hidden cameras, malware masking, and powerful SDR gear that can interact with many wireless technologies. Tom connects this to real-world crime such as keyless car theft via relay attacks and offers practical defenses.

  13. 27:24 – 41:58

    Password reality check: reuse, cracking strategies, and mnemonic generation

    Using Chris’s own breach story, Tom explains credential stuffing and why password reuse is so damaging. He outlines how attackers use dictionaries and rules (not pure brute force) and offers a memorable method for generating strong passwords.

  14. 41:58 – 51:37

    When attackers have a country behind them: Stuxnet, medical devices, and ‘good vs evil’ tools

    Tom details how nation-state capabilities dwarf individual attackers, using Stuxnet as a landmark example of cyber causing physical destruction. He also discusses research into medical device vulnerabilities and reframes hacking as a tool—morally defined by who wields it.

  15. 51:37 – 1:01:16

    Everyday exposure: IoT risk, Google dorking, live CCTV compromise, and what individuals can do

    Tom emphasizes that many real-world compromises are ‘low skill’ due to misconfiguration, showing how advanced Google search operators can expose cameras and systems. He shares practical guidance: unique passwords, email as the crown jewel, cautious device purchasing, and broad security awareness.

  16. 1:01:16 – 1:04:20

    The security talent gap and how to get started (legally)

    Closing out, Tom highlights strong compensation and a looming workforce shortage in cybersecurity. He recommends beginner-friendly legal training platforms and encourages listeners to pursue the field as a meaningful career change.
