How to Grow your Career in Cybersecurity with Grant McCracken

By Test Guild

About this DevOps Toolchain Episode:

In today's episode, we discuss cybersecurity with Grant McCracken, a seasoned expert with over 13 years of experience in ethical hacking and executive-level cybersecurity roles.

As the founder of Dark Horse Security, Grant shares his journey into the field, practical advice for aspiring ethical hackers, and actionable tips for organizations navigating the challenges of security in the AI era.

From hands-on learning resources like Hack the Box and bug bounty programs to the real risks and rewards of using AI-generated code, Grant demystifies the realities of modern security threats.

He also offers a peek into the social engineering tactics at events like DEFCON, explains why having a vulnerability disclosure program is crucial, and reveals how even small companies can build stronger defenses. Whether you're just dipping your toes into cybersecurity, managing DevOps security at your company, or curious about how AI is reshaping the security landscape, this episode is packed with insights you won't want to miss.

Tune in to hear why effective communication may be the most powerful security skill of all—and get tips you can put to work right away in your DevOps journey.

Try out Insight Hub free for 14 days now: https://testguild.me/insighthub. No credit card required.

TestGuild DevOps Toolchain Exclusive Sponsor

SmartBear Insight Hub: Get real-time data on real-user experiences – really.

Latency is the silent killer of apps. It’s frustrating for the user, and under the radar for you. Plus, it’s easily overlooked by standard error monitoring alone.

Insight Hub gives you the frontend to backend visibility you need to detect and report your app’s performance in real time. Rapidly identify lags, get the context to fix them, and deliver great customer experiences.


About Grant McCracken


Grant McCracken is the founder and CEO of DarkHorse Security – an innovative startup that’s making proactive cybersecurity easier to use and more accessible for businesses of all sizes.

He’s been in cybersecurity for over 13 years, both as an ethical hacker, as well as serving as an executive at Bugcrowd, where he was the VP of Operations, overseeing all aspects of service delivery.

In his free time, Grant enjoys making and playing music, writing, reading, learning, breaking things, building things, hiking, trail running with his dog, and skiing when there’s snow.



[00:00:00] Get ready to discover some of the most actionable DevOps techniques and tooling, including performance and reliability for some of the world's smartest engineers. Hey, I'm Joe Colantonio, host of the DevOps Toolchain Podcast and my goal is to help you create DevOps toolchain awesomeness.

[00:00:19] Hey, want to get into cybersecurity or learn more about security tests and hacking or AI? Well, you're in the right place, because today we'll be talking all about it with Grant, who's an expert on all things cybersecurity. If you don't know, Grant has over 13 years in cybersecurity, working on both ethical hacking and also as an executive. He is currently the founder of DarkHorse Security. Love that name. An organization on a mission to make cybersecurity more accessible and affordable for organizations of all sizes and budgets. As we get into the AI era, we'll probably need security more than ever. I'm really excited about this conversation and you don't want to miss it. Let's do it.

[00:01:44] Hey, before we get into this episode, I want to quickly talk about the silent killer of most DevOps efforts. That is poor user experience. If your app is slow, it's worse than your typical bug. It's frustrating. And in my experience, and many others I talked to on this podcast, frustrated users don't last long, but since slow performance is a sudden, it's hard for standard error monitoring tools to catch. That's why I really dig SmartBear's Insight Hub. It's an all-in-one observability solution that offers front-end performance monitoring and distributed tracing. Your developers can easily detect, fix, and prevent performance bottlenecks before they affect your users. Sounds cool, right? Don't rely anymore on frustrated user feedback, but, as I always say, try it for yourself. Go to smartbear.com or use our special link down below and try it for free. No credit card required.

[00:01:51] Hey, Grant, welcome to The Guild.

[00:01:55] Grant McCracken Thanks for having me. Happy to be here.

[00:01:57] Joe Colantonio Great to have you. So how'd you get into cyber security? Let's start with that.

[00:02:00] Grant McCracken Oh boy, about the same way everybody does, you just trip and fall in. Back in high school, we used to do basic sort of evasion stuff on the machines just to be able to like play games or like go to websites that like the school filters didn't allow you to do. And so I had some friends that sort of ran in that same circle. We all sort of played games or whatever. Years down the line, I went to college for communications and I thought I was going to work in like marketing or PR or something like that. And then this buddy, he reached out to me, he like stumbled upon this job on Craigslist of all places at White Hat Security back in the day. And he was like, he enjoyed the job. And he's like, Grant, you could do this job. And so I applied and they're like, yeah, back in the day, the way White Hat worked, and I think maybe some of the ways that White Hat still works is. They had a methodology where they'd take anybody that was like curious and able to learn and they'd teach you application security. And then you over the course of time grow and eventually, you move up within the organization, you go somewhere else. But it had a really good, and the word farm has some negative connotations, but like it was a really farm system in terms of like, it was fantastic. It produced a ton of really high quality application security people that are all over the industry now.

[00:03:22] Joe Colantonio Love it. You've been on both sides, as I mentioned in your bio, you've been both a hacker and an executive. I guess let's start off with the hacker. If someone's listening today and wants to break into ethical hacking or bug bounty hunting, especially with AI around, where should they start realistically?

[00:03:38] Grant McCracken Yeah, so I'd start with maybe Hack The Box. I don't know if you're familiar with Hack The Box, but Hack The Box is a fantastic resource where they've got a ton of different, you can get started for free and the cost is minimal in terms of like the financial burden as opposed to like, if you try to do like a more advanced certification, you're looking at like thousands of dollars, with Hack The Box, you're looking at like 20 bucks a month or something like that. So Hack The Box is a great place to start and kind of just go down a number of different trees as it were or branches where you could potentially go into, because once you get into like cybersecurity it's usually branched out into like two different groups: there's red teaming and then there's blue teaming. And Hack The Box has off ramps for each, which is again fantastic in terms of, so if you decide you want to be more defensive in nature, right, that's going to be the blue team side of the house, you can go that way. Whereas if you want to do more ethical hacking, again you can take a bunch of different routes in terms of if you want to hack network stuff, web application stuff, mobile, APIs, whatever it is. And so where you can find your footing, some other great resources: PentesterLab, same concept, really great for learning stuff there. And then PortSwigger Academy is also just generally fantastic. And then once you've got your feet underneath you, you can go check out bug bounty programs or vulnerability disclosure programs for organizations and really start hacking stuff in the wild. And bug bounty programs, just for people that don't know, are programs where an organization, say, for instance, Google has a really famous bug bounty program where they say if you can find a vulnerability in our suite of software, and obviously it's tiered out, right? If you can find stuff in like Gmail, it's worth way more than if you find it in some other piece of technology, but you'll get rewarded thousands or even hundreds of thousands of dollars for vulnerabilities. Now other bug bounty programs pay a lot less, but they're potentially easier to find vulnerabilities on, so on and so forth.

[00:05:36] Joe Colantonio All right, here's a totally random question. I get these emails all the time. Hey, I've found a vulnerability with your email. Do you pay bug bounties? And they keep sending me emails. I don't know who this person is. Are those legit?

[00:05:48] Grant McCracken Well, it depends. And I mean, I don't want to say no, they're not legit, right? Because like, if somewhere in there, somebody maybe actually tried to tell you about a vulnerability, so I don't think it needs to be like unilaterally dismissed. Is it like, are they talking about like vulnerabilities with your like from a personal level or like an organization level?

[00:06:12] Joe Colantonio My email business, kind of like they say could be spoofed. But when I'm running through like some sort of spoofing thing, it's like, no, you have the right DMARC certifications and all that. So I don't know if it's real or not, or they should can be down for money. Are they, is it a veiled threat? Like I never know.

[00:06:26] Grant McCracken Yeah, okay, that's a really common one. So they're usually something to do with like an SPF record or DMARC or DKIM. One thing I've seen, right, so people, so SPF records are like supposed to be like when you send an email, it checks, okay is this like an approved sender? So the SPF Record says like these are the approved senders. Sometimes, so there's a couple of flags that you can use there. There's like an intermediate filter that sometimes people can like spoof emails even though you have like an SPF record.

[00:07:03] Joe Colantonio Oh, right, yeah, yeah.

[00:07:05] Grant McCracken That could be what they're seeing, is that they're potentially able to like spoof an email on behalf of your domain. You can even have an SPF record that like doesn't do anything. Just like you can have like a DMARC record that doesn't do anything with emails that don't pass that criteria. That might be what they're indexing on. Again, that's just one of those, but that's like hyper-automated and it's just like people spam that thing all over the place. It's possible, but if you've investigated if like it can or can't be spoofed, then that's it. Sorry, I don't mean to go down a rat hole there.

[00:07:40] Joe Colantonio That's fine. I know you all.

[00:07:45] Grant McCracken Long story short, it may be valid. That is something you see a lot. And again, it's a low, super low hanging fruit. But again, if somebody can spoof mail from, say, you don't have an SPF record or DMARC or DKIM, somebody could potentially spoof mail from your domain. And that does have reputational issues, not the least of which being like social engineering, or domain reputation as far as like spam and other things.

[00:08:13] Joe Colantonio Should all companies have a bug bounty program already set up? Is that something common or is it the opposite? Oh, what's the heck's the bug? I'm getting connected. They have a Bug bounty. They want money. So should companies have it in place before they get those type of emails?

[00:08:28] Grant McCracken What they need to have in place, in my view, is something called a vulnerability disclosure program. Now, not every organization is ready for a bug bounty, just so we're clear on that. Now, am I going to say every organization should ideally run a bug bounty? Absolutely, right? Like that's just, I mean, and just for context, right, bug bounty within the sort of the scope of vulnerability identification solutions, nothing compares to bug bounty. So if you're actually serious about identifying vulnerabilities at scale, nothing's better than bug bounty, and I know that's a really bold statement. Like that's pretty aggressive. It just gets, I mean, I've run hundreds, if not thousands of bug bounties over my career and I've never seen any tool that delivers results, because it just makes sense from like an intuitive sense. If you run a penetration test, you've got one tester, maybe two testers following a methodology over like five days, but you don't have, and you can have a scanner constantly looking for things too, but like with bug bounty you get so much ingenuity, so many people looking in places that a scanner can't get to, a scanner can't think about. And they're financially motivated and they're going to be just way more successful just as a function of more people, more methodologies, more time. Anyways, long story short, I think that bug bounties are super useful for organizations. But before you get to a bug bounty, the very first thing I recommend organizations do is have a vulnerability disclosure program. And that's just something where you say, if you want to report a vulnerability to us, here's how you do it, because you want to have a mechanism for that. So that they're not spamming the CEO or whoever it is. They email security at, or there's a form that they can fill out or something to that effect. And it's extensively a lot better if you have a platform that helps you with it just because it makes it easier to identify duplicates. If you're tracking in emails and spreadsheets, it's just a lot harder to stay on top of. So organizations start with a vulnerability disclosure program and bug bounty's kind of further up the chain, and again, I'll stop shortly, like in my view, it goes vulnerability disclosure program, that's just at the ground floor. Then you want to do like automated scanning just because that's going to pick up low hanging fruit. Then you want like sort of some sort of human intervention on top of that scanning, and then you go to a pen test, and then once you've done all those things, you're potentially in the bug bounty territory. If you jump straight to bug bounty, everything that could have been picked up by a scanner or an assessment or a pen test, you're potentially paying out for those vulnerabilities. You want to make sure that you kind of, there's sort of a hierarchy in my mind as far as hygiene as it relates to security, and obviously that goes all the way, you know, you go a couple more layers all the way to like red teaming and like social engineering and stuff like that.

[00:11:09] Joe Colantonio Nice. Another dumb question. How does someone know how to fix it? Say you have a bug bounty. Someone submits it. You're like, all right, thanks. Here's some money now. Now what?

[00:11:18] Grant McCracken Ask ChatGPT. I mean, there's a ton of good resources out there. A good hacker is going to provide a little bit of that context. But again, it's generally not horribly complicated. Say for instance, you've got like an SPF issue, ideally, you should be able to like Google pretty quickly. Okay. Like how do I set up an SPF record? Well, it's just like a TXT record for your DNS and you do that. And then, you can also investigate DKIM and DMARC at the same time. Or if like it's a cross-site scripting vulnerability, if you look it up, it's pretty straightforward. It's like, sanitize your inputs and your outputs. Where is this input coming from? Let's go look at that. Let's make sure we like sanitize the input. And then we also just make sure wherever this information is reflected, we're also encoding that. So it's not, they're not able to just inject arbitrary HTML or JavaScript onto the page.

[00:12:18] Joe Colantonio Perfect. Perfect. All right. So I know a lot of DevOps people maybe dip their toes in security and quickly feel overwhelmed. What's a good, I don't know, minimum viable lab set up you'd recommend for someone to just start testing the waters for maybe some sort of ethical hacking within their company?

[00:12:35] Grant McCracken Are we talking about like practicing ethical hacking or?

[00:12:41] Joe Colantonio I would say, learning to implement it, like, say, all right, we know we need to do more security. I'm gonna take it up on my team to do some ethical hacking to try to uncover certain things. Is that always done by an outside company that sets it up beforehand with the company? Hey, we're going to do this, this and this. And you have your parameters set rather than someone in house that's going to mess around to try to break things, let's say doing ethical hacking.

[00:13:06] Grant McCracken Yeah, it can go both ways. So some systems or frameworks, for instance, like PCI or SOC 2, they require that it be, well, specifically PCI, at least, requires that it be done, any security testing be done, by a qualified professional and that they are outside of the organization. Now, that can be like, technically, they can be inside the same company, but like outside of the organization that like implemented the controls. You can't just like pen test yourself and be like, oh, I'm cool. In those contexts, you have to go kind of outside. But absolutely, if you can, again, I would recommend starting internally, you're just trying to pick up, and again, everybody has limited amounts of time. I'm not saying go learn how to hack and all while not doing anything security. If it's going to take you a year to learn how to hack, go hire a pen tester to get started and try to learn from what they do. But again, I mean, depending on what you're securing, say for instance, a web application, you can follow, there's the OWASP testing guide. So you could just go through that testing guide and each item on that testing guide will tell you, okay, go check for this. So say you start just on the login page, or case like, what should I test on? The login form, okay, we're testing for SQL injection, cross-site scripting, we are testing for authorization bypasses, things like that. And then you can kind of go down and systematically kind of follow that framework to kind of check those different boxes and learn each one as you go. There's other methodologies as well in terms of like how to secure X, Y, and Z. If you're trying to test the network, okay, well, just start by port scanning the network. See what's running on all the different ports, see if you can sort of map what those services are, and then you look for vulnerable services. And oh, that's weird. Like, why is this person running like an FTP server? That's not, that shouldn't be on the network. And so those are just kind of some places to start. But again, that's kind of just on the hacking side. When we're talking about security in general, right? There's so much to security. Whether that's, I think the stat is something like over half of breaches start not through vulnerabilities, which again, vulnerabilities are still a big problem, but through people. And so one of the highest ROI things, and it's not fun to talk about, like it's not as sexy as it were as like, you're hacking and gaining a shell on a machine, but just making sure your people know how to be more secure. They've got MFA, they're using a password manager. They're not opening wonky emails or going to weird websites. When you do those things, you eliminate a ton of attack surface. If you've got like that human layer, it's just super vulnerable. But again, I could talk forever about hacking the app layer and the network layer as well.

[00:16:01] Joe Colantonio Yeah, I was reading a book on hacking and they said you'd be surprised social engineering is probably the easiest thing to do in order to get access to things you're not supposed to, it sounded like.

[00:16:11] Grant McCracken Have you ever been to DEF CON?

[00:16:13] Joe Colantonio I have not, no.

[00:16:15] Grant McCracken So at DEF CON, there's this really cool area, I think it might be called the social engineering village. Everything's villages there, but they have a competition where they social engineer people in real time. Now, of course, they don't record those because there's laws about recording people without their knowledge, but when you sit in on these conversations, it is like, it's crazy. Cause like, you just get assigned a company. And you're dialing them in real time and your goal is to get them to open some PDF or something like that, or to go to a website and do a certain action, or to disable some sort of, anyways, it's just absolutely fascinating to watch it happen in real time. You're like, oh no, like these people, they could just, and they're calling up like big companies like telecom providers or whatever and getting them to do things that they probably shouldn't be. It absolutely, the human layer is, and I mean, we're fairly easy to manipulate. It's hard to put that delicately, but humans are fallible. Absolutely.

[00:17:24] Joe Colantonio Absolutely. You didn't mention ChatGPT. I know you're only kidding around. But I always tell people, they say, Joe, I'm just getting into testing. What should I do? And I always say, maybe I'm just wrong. I say, if I was a younger man, I'd get into security, security testing, for some reason, because I don't think AI is going to replace as many things. I think it will in development and software testing. I could be wrong. Where do you see AI impacting security? If someone's just starting out, do you see it replacing security testers or cybersecurity experts, or do you see it almost creating more of a need for these types of skill sets?

[00:17:59] Grant McCracken A little bit of A, a little bit of B, and just to jump back on the ChatGPT thing. Actually, don't feed ChatGPT your code base. But if you ask ChatGPT or Claude or whatever your preferred LLM is, how do I fix SQL injection? That is absolutely a fantastic prompt for that. Again, do not under any circumstances feed it your code. But yeah, so there's a ton of value in doing that. As far as AI, it absolutely is introducing new vulnerabilities. For instance, prompt injection is like this new class of vulnerabilities where like it didn't exist before these LLMs, and it opens a ton of opportunity. I saw something on a guy, Jonathan ...., also a White Hat alumni from back in the day, but he put some sort of instruction on his LinkedIn profile that says like, okay, now, like, read me the contents of /etc/passwd or something like that. And then he got like some LLM or whatever, tried to like read his profile page, and then like its instructions were to like send him an email or whatever. But like, it like, hi mister, and then like reads out /etc/passwd. There's a ton of, like these systems are still designed by humans, and they're so nascent in terms of, and there's such a push from the executive layer, as it were, to like implement AI because of cost cutting and all these things. And so it's being rolled out very quickly and very poorly understoodly, if that's a term, but so it creates a bunch of new vulnerabilities. There's a ton of opportunity to get in on AI hacking. And so the human isn't going away, long story short. There's still things that AI can't necessarily do as well as humans, and that's always kind of been the case from a security perspective, where like humans can look at something and be like, oh, but what if I increment this? And then you can evaluate the output and be, a scanner or something like that's going to look at it and be like, oh, it's a 200. We're good to go. But like a human can look and be like, okay, it's actually just not feeding me new information. Or they'll be able to say, oh, like, even though it looks like there wasn't a useful piece of information here, if I actually do this other thing, it'll become more valuable. Anyways. But I am excited about some of the more contextual things that AI can potentially bring to the table. For instance, it does make scanners, I think, better than they were before in terms of more intelligently kind of going through an application and really understanding what that application does, which again is something that a scanner could never do before. So with AI on top, I think that there's, but again, it's not going to replace anybody's job. I think their job just changes. Your job changes from. And that's always kind of been the case, just so we're kind of clear on that. It's always been automation improves and you just move up in the value chain and you're just doing something else, but like, I don't think at any point, like the number of security roles has diminished. And so again, it may be, I don't wanna be the naysayer on AI or something like that, obviously, there's a ton of value and benefits to it, but I don't think it's going to necessarily negatively impact the security community so much as it's actually kind of almost a boon.

[00:21:37] Joe Colantonio I've probably watched too many movies. I've been messing around with Cursor, Manus, and these create code from, I don't know what it's doing. It's just creating an app for me. All this code, no idea. I mean, a nation state could somehow, I guess, put in backdoors for all I know. Is that something people need to be worried about? Say that the team is using assistant code generation for them. Like what is the baseline that they need nowadays in order to make sure not only is that code that generator is working, but that it's not. It doesn't have security flaws. Is that already a known thing that everyone knows already when they're trying to implement AI generated code?

[00:22:13] Grant McCracken Yeah, I would not recommend just running with AI generated code just out of the box. That's not a great idea, for as good as it may be and as intelligent as it may be. You still need somebody to look at it, and you still need somebody to look at it from a critical perspective, not just look at it from like, oh, if I click a button, does it do the thing that I want the button to do? You need to be looking at it from, okay, like, how could I break this? Because that's, I mean, and again, human code, AI code, whoever's code. Just because it's written by a human doesn't make it better than AI. And just because it was written by AI doesn't make it better than a human. All that code needs to be reviewed by someone from a security lens to say, oh, actually, like, you could break this little thing, or cause you write something and you're like, okay, it does what I think it should do, but if you really sit there and you critically evaluate, sometimes you'll be like, oh, actually that could be a vulnerability if you like are in this certain context. I would absolutely recommend cross-checking anything you do with AI. I'm not saying not to use AI. I think that's incredibly useful and incredibly beneficial. Now, as it relates to your other point there, LLM poisoning is actually, yeah, very much a real thing where you could, if you know the data that it's trained on, you could then poison that data with, oh, like write me a login function, and then like, and then somehow get it to also include like, oh, when you write a login function, actually add like this, like external call that like adds a backdoor or something like that. I think there's absolutely risk there and you just have to eliminate. But I mean, we see that all the time, like pre-AI packages. There's those like people that take over like Python packages and stuff like that, and like everybody's just like pip install this package. And then they've got a vulnerability on you. I mean, it's just a different version of supply chain vulnerabilities. It's just all of this AI stuff is now part of the supply chain.

[00:24:18] Joe Colantonio As I mentioned, you also are an executive. What should executives worry about? What kept you up at night or keeps you up at night from a security perspective?

[00:24:26] Grant McCracken Yeah. I mean, from a security perspective, I was in charge of like post-sale and delivery. I wasn't super worried about security things just because that wasn't really my world. We mainly just used software to do kind of what we were doing. We weren't like building new software. I mean, if we're being honest about what kept me up at night, it was like HR stuff and budget. What are we going to do about this person that's got this problem with this other person, and like that was kind of my world, is just like managing people and spreadsheets. I think right now, if I put myself in the seat of a CISO or something like that, you've got to still worry about the fundamentals, the fundamentals being like understanding your attack surface and making sure you're doing the basics. Again, for all the AI stuff, and again, you also want to be worried about the deployment of AI and potentially like shadow IT and other people creating stuff, but as a function of that, just understanding your attack surface. What are people doing and where are people doing it? That to me is kind of like one of the fundamentals that kind of underlies everything to do with sort of security leadership. If you don't know what you're securing, you can't possibly secure it. There's like that Rumsfeld quote, "there's the known unknowns, and then there's unknown unknowns". And it's the unknown unknowns that are like going to get you. If you have a sense of what's out there, then you can reasonably prioritize and then sort of strategize in terms of how you want to handle those things. It's the things that you don't know about that are the most lethal, at least in my view. If you know about a vulnerability or a potential vector for exploitation, you're not just going to sit on it, or you're doing your job poorly. And so if you know about something, it then allows you to take action on it. But if you're not able to get to the point that you're able to take action because you don't know about it, that's again where the real dangers come up. And again, I am just theorizing here. It's not my day-to-day, but were I in a CISO situation, that would, again, just focus on the fundamentals. Do the little things right, which extend.

[00:26:52] Joe Colantonio Makes sense. So what do you all do in a DarkHorse? And maybe a quick plug. What would you do there? What do you specialize in? If people listening? Oh, this guy knows what he's talking about. I want to work with them. What does DarkHorse do?

[00:27:02] Grant McCracken Sure. I've overseen pen testing and delivery teams for a long time and also overseen bug bounty and all these different things. After I left my last company, Bugcrowd, a little over a year ago, I was like, okay, what do I want to do kind of now with my life, right? I was, like, I could go, like I don't know, start like a coffee shop or just make a hard left turn. Like, well, I've been doing this for like a dozen years at that point. I'm pretty good at this stuff. So I understand not just like the tactical sort of, the tactical sort of how to pen test world. I also understand the business side of the house, as well as how to deliver this quickly and efficiently. And so the idea with Dark Horse is to take all that together and build a platform that makes it easy and affordable for organizations to get access to cybersecurity, and that's through abstracting out all these extra service layers. I've seen situations where 10 different people touch an account to deliver a pen test. And I'm just like, why do we have to have ten people touching this? What if we could have a platform where zero people touch it? And I get this feedback sometimes when I tell people about this, they're like, yeah, but like, is it really that simple? And my answer is always, does it have to be that complicated? I don't know if it's misattributed to Einstein, but if you can't explain it simply, you don't understand it well enough. Distilling pen testing to something that's super simple. So like you as a CTO of an SMB can come in and answer 15 questions and put in your assets and credentials and you can get a pen test. And as a function of us making it so simple and efficient, it also costs you less. And so the whole goal with Dark Horse, at least at this point in time, is to make security more accessible and more affordable to organizations of all sizes and budgets. And so that's the platform that I've built. And that's kind of just what we do. And it's mainly focused towards SMBs and smaller organizations that don't have a ton of money but want to be more secure.

[00:29:11] Joe Colantonio Okay, Grant, before we go, is there one piece of actionable advice you can give to someone to help them with their DevOps security efforts? And what's the best way to find or contact you?

[00:29:20] Grant McCracken Okay, I'll start with the easy one. My name is Grant McCracken. You can find me on LinkedIn and at Grant@darkhorse.sh. Now, as far as the one thing people can do, this is not going to be the tactical answer that people may want, but what I've learned more than anything, well, not more than anything, but I've learned time and time again, is that in security, you have to be able to communicate a story and be able to communicate it effectively in terms of what matters to other people and why it matters to other people. And so in security, you're always going to run into a ton of resistance in terms of trying to accomplish your security goals. And if you can frame security within the context of their goals and their ambitions and what they want and what we need and what language they talk. So if you're talking to a finance person, talk to them in dollars. How much money are you going to save the company? If you're talking to sales, you talk about how this is a competitive differentiator. And again, I'm going off on a tangent here. But that, to me, is infinitely more powerful than a little tool or a little something that does just one thing. If you can unlock how to effectively communicate security within your organization, you will get so much more done and your organization will become more secure as a function of that. And so that's like if I did sit down with somebody in security and I was like, this is the one thing you should be taking away and the one thing I need you to be able to do. That is it. You can Google 10,000 ways, here's the methodology to become more secure, follow the cybersecurity framework, all these sorts of things. None of that matters if you can't communicate it to the business. And so that is just an absolutely critical skill set and thing to develop.

[00:31:13] All right, before we wrap it up, remember, frustrated users quit apps. Don't rely on bad app store reviews. Use SmartBear's Insight Hub to catch, fix, and prevent performance bottlenecks and crashes from affecting your users. Go to SmartBear.com or use the link down below, and try for free for 14 days, no credit card required.

[00:31:34] For links to everything of value we covered in this DevOps Toolchain Show, head on over to Testguild.com/p191. So that's it for this episode of the DevOps Toolchain Show. I'm Joe, my mission is to help you succeed in creating end-to-end full stack DevOps toolchain awesomeness. As always, test everything and keep the good. Cheers!

[00:31:57] Hey, thank you for tuning in. It's incredible to connect with close to 400,000 followers across all our platforms and over 40,000 email subscribers who are at the forefront of automation, testing, and DevOps. If you haven't yet, join our vibrant community at TestGuild.com where you become part of our elite circle driving innovation, software testing, and automation. And if you're a tool provider or have a service looking to empower our guild with solutions that elevate skills and tackle real world challenges, we're excited to collaborate. Visit TestGuild.info to explore how we can create transformative experiences together. Let's push the boundaries of what we can achieve.

[00:32:40] Oh, the Test Guild Automation Testing podcast. With lutes and lyres, the bards began their song. A tune of knowledge, a melody of code. Through the air it spread, like wildfire through the land. Guiding testers, showing them the secrets to behold.
