From Sales to Senior Cybersecurity Consultant: Ryan's Journey

Hi! Can you introduce yourself and describe your current role in cybersecurity?

I’m Ryan "Roll4Combat" Bonner, and I currently work as a Senior Cybersecurity Consultant at ProCircular. My role primarily involves penetration testing and providing strategic guidance to help organizations enhance their security posture. I do web application, mobile pentesting as well as internal and external assessments.

What’s your backstory and how did you first get into cybersecurity?

My journey into cybersecurity started at the beginning of the pandemic. I was working a mix of marketing and sales jobs, but honestly, I just wasn’t happy with where I was or where my life seemed to be heading. I knew I needed to make a change, and for some reason, I got it in my head that I wanted to go to school to become a welder. I didn’t know much about it other than what I remembered from a high school class, but the idea of working with my hands and building something real really appealed to me.

While I was figuring that out, I spent a lot of time on Twitch since I’m a big gamer. One day in September 2020, I stumbled across this guy streaming cybersecurity stuff. He was talking about hacking and how much fun it was. I started asking him a million questions because I’d always been into computers, building my own rigs and messing around with programming (even though I was terrible at it). I’d even spent months trying to teach myself to code on Twitch, but hacking felt like a whole new level of cool and really sparked for me.

From hanging out in that streamer’s chat, I met some awesome people who invited me to join their Discord server. We’d play CTFs together, stay up way too late talking about cybersecurity, and just geek out about tech. It became my escape after long days working as a mover. I mentioned my welding plans to them, and they were like, “Hey, you clearly love computers, give cybersecurity three months and see how you feel.”

That’s all it took. I dove in, and within weeks, I was hooked. Hacking turned out to be the perfect mix of creativity and problem-solving.

What advice would you give to an aspiring penetration tester or bug bounty hunter?

I would say to really stay curious and embrace that you’re just going to fail so much more often than you succeed in both pentesting and bug bounty. I would also say that engaging and interacting in the communities can help you out so much more than you ever think, so be willing to go out, be uncomfortable and shake hands and meet everyone you can.

Recommended Resources

Special shout out to Jason Haddix and his Bug Hunter's Methodology Live course. It has helped me tremendously on my cybersecurity career and I'd highly recommend it to anyone looking to get started in offensive security or bug bounty.

Additional resources I recommend:

• TryHackMe (when you’re just starting out)
• Hack The Box / HTBAcademy (when you understand some basics)
• Portswigger Web Academy (web apps)

I love web apps, so big shout out to Critical Thinking Podcast if you want to get deeply technical web app hacking information.

What are your favorite tools to use on an engagement? Have you utilized AI at all in your role?

I think since I love web applications the easy one to say is Burp Suite Pro, but besides that one I’m a massive fan of using https://www.jswzl.io/ its really expensive but it helps so much when going through Client-Side JS.

I use AI every single day that I’m testing and learning. I have it open on my phone and just have back and forth communications about what I’m seeing / what I'm thinking and how I might be able to take better approaches to what I’m hacking or clarify one of the millions of things I may not understand perfectly.

How has being active in the infosec community impacted both your personal and professional life?

Being part of the cybersecurity community has been so rewarding!

It allowed me to put myself out there and get in contact with some amazing minds in the industry. It has allowed me to work with people like Jason Haddix, Daniel Meissler and Justin Gardner. I have to reiterate how important connections have been for me.

Surround yourself with the smartest people possible, have conversations, and volunteer to help out. I currently help Jhaddix run his classes for Arcanum and that actually led me to getting the job I have now!

Outside of work, what hobbies or interests help you unwind and maintain a healthy work-life balance?

Outside of work, I’m an active boxer. I also love spending time with my two rescue Weimaraners, Koda and Daisy. They’re still in training, but they’re a big part of my life now. I am also an avid hunter and shooter.

What is the origin of your handle?

Nothing terribly interesting. I think my original name was ‘badatcomputers’ but I felt I needed a name change a couple years back. I was getting ready to play my first session of Dungeons & Dragons and plays always say things like “roll for initiative” and "roll for x". So I was like, whatever, Roll4Combat it is - it sounds cool and it has stuck.

Lastly, where can people connect with you or follow your work online?

• Twitter/X: https://x.com/BadAt_Computers
• LinkedIn: https://www.linkedin.com/in/roll4combat/
• Discord: axiomplz