Skip to content
All posts

Meet your ACRTP Bootcamp instructor: Tyler Petty

From building military-grade networks to cloud security guardrails, Tyler's journey into cybersecurity has been anything but ordinary. In this interview, we sat down with Tyler to explore his transition from the military to the private tech sector, his views on DevSecOps and AI, and what motivates him to lead Pwned Labs’ Amazon Cloud Attack and Defense Bootcamp.

Let’s start with the basics. Who is Tyler, and what’s your background?


I grew up in a military family, which meant a lot of moving around, but we were mostly based in Nebraska. I’m currently in Denver, Colorado, working in tech, specifically in cloud platform security. Outside of work, I’m really into hiking and fitness, which makes Denver a perfect place. I live near a mountain that I can hike after work. Also, I’ve got a fiancée and a corgi, so life is pretty full.

Before we get into the technical stuff, tell us about your time in the military and how that shaped your path into cybersecurity.


I joined the military right out of high school, not because I had it all figured out, but because I wanted to serve, and a lot of my family had done the same. I ended up managing combat-resilient communication networks. We're talking routers, switches, satellite comms - basically, a crash course in tech infrastructure. That set the foundation. I later moved into a federal government role and eventually transitioned into the private sector.


What sparked the move from military to cybersecurity?


It was pretty organic. While I was in the military, one day my commander came and asked if I’d be willing to support one of our federal government agencies with imaging computers and doing that kind of stuff. So I was like, okay, sure, I'll do it! I had a great experience there, met some great people, and later ended up working with that agency for a couple of years. At some point, I was talking with a friend at a big tech company, and he mentioned one of their teams needed someone with a Microsoft enterprise skillset — Active Directory and such. I had that, along with a Security+ cert, some cybersecurity exposure, and was working on a cyber degree. Turns out the company was building a new infosec team, and I just clicked with their needs. That’s how I got my start in cybersecurity! I kind of fell into it, really.


What does a typical day as a security engineer look like?


Security engineering is always evolving and can look really different depending on the company. I’ve been in the field for about a decade, and the day-to-day can vary a lot. One day, you might be working with different teams to help build security into a new infrastructure setup or product. Another day, you might be writing code to automate workflows, triaging alerts or vulnerabilities, or testing out detections with adversary simulations. It’s a little bit of everything, and that’s what keeps it interesting!


Would you say your role straddles red, blue, and everything in between?


Definitely. It's a bit of everything - putting up defenses, building tools, gaining visibility, and simulating attacks. It’s really fun to be both a builder and an attacker. It requires you to constantly learn and keep up though but I find the challenge in that rewarding.


AI is changing everything. What are you seeing on the ground in DevSecOps?


AI is quickly becoming a core part of the job for everyone. We started with chatbots, then knowledge bases, agents that perform autonomous actions and now it’s the Model Context Protocol (MCP) which lets AI connect with systems and data directly. You can give it a command in plain English, and it autonomously performs actions like building infrastructure for you.

But there’s a risk. AI can be unpredictable. The code it writes might be flawed or misconfigured. Until AI becomes more consistent, it's both an opportunity and a threat.

When I was talking with Filip, we discussed where he saw the biggest threats for organisations, and highlighted supply chain risk as one of the areas that organisations will need to understand and monitor. How do you see that evolving?


Supply chain attacks are a huge concern. Everything relies on third-party code. Remember Log4j? An open-source logging framework that so many companies and products relied on suddenly had a publicly exploitable vulnerability in its code. Log4j was maintained by unpaid volunteers. Companies need to understand their dependencies; not just what code they use, but what that code depends on. Smaller companies especially are vulnerable because they often can't always afford the tools and talent that larger orgs use to manage that risk.

How did you get involved with Pwned Labs and the bootcamp?


I discovered the Pwned Labs Discord early on, probably about 6 months after it launched. At first, I was doing the labs and sharing write-ups, but I was also speaking with Ian more about some lab ideas I had. That led me to creating a couple of labs and also supporting the team with the AWS Electra cyber range. When the AWS Bootcamp launched, I was a participant, but was also helping support the other students along the way. Ian and I had a conversation at some point during the bootcamp and asked if I’d like to instruct it going forward. Heck yes I do!


What do you get out of running the bootcamp?


I really enjoy teaching and mentoring. I’ve always liked helping people get where they want to be. This is new for me, teaching online to hundreds of people, but it’s incredibly rewarding. I’m constantly evolving the material, adding visuals, context, and new attack vectors. The goal is to keep things current, useful, and practical.

How do you see the bootcamp evolving?


The landscape is always shifting - new threats, tools, and techniques. I’ve already tweaked the content from the last round and will keep doing that. Staying up to date is non-negotiable if we want to teach real-world skills.

Any advice for veterans transitioning into cybersecurity?


Yeah, first, take advantage of the many resources out there specifically for veterans. There are great Slack groups, transition programs, and companies that want to help. Second, stay open-minded. Your first job might not be your dream job, but it's a stepping stone. Third, be ready to learn constantly. The field moves fast, and you need to keep up. Also, don’t fall for the hype that one bootcamp will guarantee you a job. Getting in is one thing. Staying in and thriving takes work.

(Note: Pwned Labs also offers 50% off cloud security bootcamps and subscriptions to veterans and active service members. Just fill in the form and we'll be in touch!)

Any regrets or things you’d do differently?


Honestly, I wouldn’t change much. The military shaped who I am today. I did try management for a bit, and while I liked mentoring, I missed being hands-on. Now I’m back in engineering, and that’s where I thrive.

Final thoughts?


If there’s one thing I’d tell anyone getting started - get involved in the community. Most of what I’ve done with Pwned Labs and beyond started with just engaging on LinkedIn and Discord. You don’t need a huge personal brand. You just need to show up, contribute, and help others. That’s where the real opportunities come from.

Great to chat Tyler! 😎

Tyler will be leading the Amazon Cloud Attack and Defense bootcamp, starting June 7th. You can find out more about the bootcamp here: 

https://bootcamps.pwnedlabs.io/acrtp-bootcamp