Hello and welcome back,
This post I have an interview with Zaid Sabih, you will have most definitely seen him around in the cybersecurity world whether from his courses on StationX, Udemy, Zaid website, zSecurity website, YouTube or through his company zSecurity that provides so many services from Penetration Testing, Hardware Tools in the store and even a VPN service.
Zaid is a man that likes to keep busy and one I have enjoyed a course from on StationX, I have kept meaning to do a write up about and I will soon I promise ?
His YouTube is a great watch, I have been subscribed for around two years now I think the first video I watched was this one.
Just noticed he has 197K subscribers already and is verified so I am obviously not the only one that likes his content.
So, who is Zaid?
“My name is Zaid Al-Quraishi, I am an ethical hacker, a computer scientist, and the founder and CEO of zSecurity. I just love hacking and breaking the rules, but don’t get me wrong as I said I am an ethical hacker.
I have tremendous experience in ethical hacking, I started making video tutorials back in 2009 in an ethical hacking community (iSecuri1ty), I also worked as a pentester for the same company. In 2013 I started teaching my first course live and online, this course received amazing feedback which motivated me to publish it on Udemy.
This course became the most popular and the top paid course in Udemy for almost a year, this motivated me to make more courses, now I have a number of ethical hacking courses, each focusing on a specific field, dominating the ethical hacking topic on Udemy.
Now I have more than 650,000 students on Udemy and other teaching platforms such as StackSocial, StackSkills and zSecurity.”
Hope you enjoy the interview, here you go ?
I can see you done a bachelor’s degree from 2012 to 2016 at University College Dublin Ireland and I was wondering how you liked it in Ireland as I am from and still live in Scotland so very similar countries with a shared Celtic history, are you still there? and also your first post on your blog titled “Software hijacking using Wi-fEye” is dated September 2010 so you have obviously been doing this before Uni, when did you first get into hacking?
Yes I am still there, I love it in here, the people are very nice and friendly, and I love the way that Dublin is not a very busy city like London but at the same time is still fun, vibrant and exciting.
I got into hacking probably around 2006 / 2007, it started as a challenge between me and a friend and ended up in helping me find my passion, fast forward a few years later and all I did everyday is just learn and practice hacking, a few years later I am working part time as a pentester, went to college to study computer science just to have a better understanding on how computers work and hopefully become a better hacker, and finally I am very blessed to actually end up working in the industry that I love.
You first came to my notice through your courses on Station X like ‘Learn Python & Ethical Hacking from Scratch’ & ‘Learn Network Hacking From Scratch (WiFi & Wired)’. With running Zsecurity do you get as much time to teach as you would like and how do you balance both?
The balance can be very challenging at times but like I said I love what I do so even when I am not teaching I am still doing things that I love. It is harder to make new content now because the time that I have for teaching is limited, I also have a lot of content between my courses that I have to keep updated and as you know things change and evolve very quickly when it comes to IT. Therefore a lot of the time that I have for teaching goes towards updating my existing courses, as a result between updating and running Zsecurity I am left out with very little time to make new content or new courses. The way I kind of got around that is by making a VIP membership where I host a LIVE class every month, this way I am forced to at least publish around an hour of new content every month. This new class will always be available to the VIP members or people can actually sign up to it as a separate course under the “Hacking Masterclass Course”.
How did the courses come about, what was the impetus behind doing them?
I worked as a pentester and part-time instructor for a cyber security company called iSecur1ty, I taught their network hacking course live and online for a while in Arabic, the CEO of iSecur1ty was actually a friend of mine who recommended that I make an English version of my course and publish it on Udemy to reach broader audience, the English version performed amazingly, even better than the Arabic version, from there I improved my recording skills and equipment and as a result the next courses dominated the ethical hacking category in Udemy and several other websites.
On your YouTube you share a lot of information, how do you decide what to give away for free and what to turn into a course?
I do YouTube for fun, so I don’t really put too much thought into what goes for free and what goes in the courses. The nice thing about YouTube is that I publish anything without having to consider what students know so far, this is something that I can not do with my courses as I have to make sure that I don’t cover things that are not familiar to the students and have to stick within the course objectives and curriculum.
How important is programming to ethical hacking and cybersecurity do you think? I know it’s a divisive question and just wondering your opinion given you program a good bit?
Yeah this is a tricky one that I can spend quite a bit of time talking about it, I actually made a video on this topic:
The bottom line is in my opinion programming is not necessary for hacking, you can be a great hacker without learning how to write programs, at the same time I do agree that learning programming will enhance your skills and make you a better hacker.
I love to find out how people maintain their skills, how do you do this with courses, books, CTF etc?
I’m not a big fan of most of the popular CTF platforms as they focus too much on gamification and sometimes forget about mimicking real world scenarios. I am lucky in the sense that we conduct pentests regularly which I contribute in to stay in the loop. I am also lucky because of the courses that I have and the content that I make, in order to keep these courses updated and create new content I have to stay up to date with the latest and always learn new methods and techniques.
Ok, someone is JUST getting started in ethical hacking, they have moved over from Desktop support what is the FIRST thing you recommend them to go and learn?
There are also plenty of free resources online, the only thing they’ll have to do their own research and select good sources, I would recommend that they start with networking as pretty much everything is connected to a network, that’s what I actually start with in my beginner’s course. Obviously if they don’t mind spending a bit of money then they can just go with a good course that is designed to teach hacking from scratch. I also made a video on this:
Is there any part you prefer that you do over the other in regard to pentesting, bug bounty, teaching, consulting etc?
Pentesting and teaching are my favourite, hence I do them the most. I do not like bug hunting because I feel like it is very limited and can be quite boring. Consulting could also be fun but that really depends on the project.
How have you seen ethical hacking change over the years, has it got more difficult or what differences are you seeing?
I don’t think it got more difficult, security or “blue teams” have improved but so did the tools and techniques used by ethical hackers or “read teams”. I am glad to see that more companies take cyber security more seriously than before but that can certainly improve.
I see you are now selling items like ‘ZSCactus WiFi Keystroke Injection BadUSB’ and ‘BadUSB keystroke injection Cable’ on your store, is this something you would like to expand upon and what other plans do you have for the rest of the year?
Yes, these devices are just really cool and fun to use and play around with, we are testing the market with them and people like them we can do so much more!
Please check him out at the following places:-
- zSecurity Twitter = https://twitter.com/_zSecurity_
- zSecurity Facebook = https://www.facebook.com/zSecurty/
- zSecurity Website = https://zsecurity.org/
- zSecurity YouTube = https://www.youtube.com/c/zSecurity/videos
- Zaid Website = https://za1d.com/
- Zaid Udemy = https://www.udemy.com/user/zaidsabih/
- zSVPN = https://zsvpn.com/