Exclusive Interview with Heath Adams – The Cyber Mentor
In this exclusive interview, we sit down with Heath Adams, the mind behind TCM Security, to dive deep into his journey, the challenges of building a cybersecurity empire, and what’s next for the industry.
Introduction & Personal Story
What’s the story behind TCM Security? Was there a specific moment that made you say, “Yeah, I need to build this”?
In 2018, I co-founded VetSec, a nonprofit helping current and former military members transition into cybersecurity. As part of that work, I started creating entry-level materials and courses focused on cybersecurity fundamentals. These were originally just for our community, but the videos started gaining traction on YouTube and social media. Eventually, companies began reaching out to the firm I was working for, specifically asking for me to lead their projects.
The company I worked for didn’t even acknowledge the value being brought in. No recognition, no incentive. That was the moment I realized I could probably go out and do this on my own. I even made a YouTube video walking through the financials and what it would take to stay afloat.
The first year of consulting was slow. I used that time to double down on content. That’s when I created “Practical Ethical Hacking,” which ended up being a breakout success. I built the course because the existing options were overpriced and not very practical. Almost no one was teaching Active Directory hacking, which is one of the most important skills for any junior pentester. I wanted to build something affordable that actually helped people land jobs.
We applied the same thinking to certifications. Most of the ones in the industry were either multiple choice or completely gamified. We built the Practical Network Penetration Tester, or PNPT, to simulate a real engagement. You had to write a professional pentest report and present your findings to earn it. It was something that prepared people for the real world and cost far less than the major certifications out there.
What started as a consulting business turned into a training company that also does consulting. We continue to grow by finding gaps in how training is delivered and keeping things affordable, so that more people can get the opportunity to break into the field.
Your name—'The Cyber Mentor'—carries a lot of weight. What does mentorship mean to you, and how has it shaped the way you run TCM Security?
Mentorship has been a core part of my identity from the very beginning. Early on in my career, I didn’t have someone to walk me through the process. I was trying to figure things out on my own, making a ton of mistakes along the way. It made everything harder than it needed to be. So I made a commitment to myself that once I got to a place where I understood the path, I’d turn around and help others through it.
The name "The Cyber Mentor" came from that mindset. I started by helping individuals one-on-one, usually through Discord or LinkedIn messages, just answering questions and giving guidance where I could. That evolved into creating YouTube content, building courses, and eventually founding a company focused on mentoring at scale. I wanted to take the kind of help I wished I had and make it available to as many people as possible.
At TCM Security, mentorship isn’t just a buzzword to us, it’s how we operate. We don’t just throw content at people and hope they figure it out. We build training that teaches, supports, and prepares them for the real world. We’ve created a community that encourages growth and learning without judgment, and we do our best to meet people where they are, whether they’re just getting started or looking to level up their career.
Mentorship, for me, is about being the person I needed when I was starting out. It has shaped how we treat our students, how we run our team, and how we think about the future of this industry.
Breaking Barriers & Industry Disruption
TCM Security has made penetration testing and cybersecurity training way more accessible. Was there pushback when you started challenging the 'traditional' ways? How did you handle it?
There was definitely a lot of pushback. The industry had been doing things a certain way for a long time. People paid thousands of dollars for certifications and saw that as the price of entry. We came in and said, what if that doesn’t need to be the case? What if the current system is gatekeeping talent rather than developing it? And that made a lot of people uncomfortable.
We challenged the idea that certifications were actually preparing people for real-world work. A lot of them were just multiple-choice exams that didn’t reflect the job at all. We weren’t trying to discredit the effort people put in to earn those certs. That was never the goal. But some folks took it that way. There were people who felt we were being disrespectful to the process they had gone through. We also heard that the industry didn’t need another certification, and that a practical, longer-form cert wouldn’t be viable.
But we stayed focused on what we believed in. We saw a broken system and decided to build something better. Something that was affordable, hands-on, and directly mapped to what a pentester actually does on the job. We let the results speak for themselves. Students were landing jobs. People who couldn’t afford five-figure training programs were getting real opportunities. Companies were reaching out and hiring based on our certs. That’s when it became obvious we were solving a real problem that others had just accepted as the norm.
A lot of people talk about breaking into cybersecurity, but few talk about staying in. What advice do you have for folks trying to build a long-term, sustainable career in ethical hacking?
Breaking in is just the beginning. The real challenge is staying in and continuing to grow over time. I believe in staying curious. The people who thrive in this field are the ones who treat it like a craft and never stop learning. If you have that always-learning mindset, you will go far. Cybersecurity changes constantly. Tools evolve. Techniques shift. New attack surfaces show up every year. The second you think you have it all figured out, you fall behind.
To build a lasting career, you have to be willing to keep showing up and putting in the work. Stay humble. Understand that no matter how much you know, there is always more to learn. Surround yourself with others who challenge you and encourage you to improve. Share your knowledge too. Teach others. Build in public. Keep a portfolio, whether that is code, content, blog posts, or walkthroughs of your work. It helps you grow and gives others a reason to take you seriously.
Avoid chasing titles or clout. Focus on becoming really good at what you do. If you commit to the process and put your energy into getting better every day, the opportunities will come. This is not a field where you arrive at some endpoint and stop. The ones who last are the ones who stay hungry and treat this like a lifelong journey.
Real Talk: The Grit Behind the Success
Let’s be real—building a business in cybersecurity isn’t easy. What was the biggest 'oh sh*t' moment in your journey, and how did you push through it?
The biggest moment for me was when we had our first real hiring wave. Up until that point, I had been focused on the technical side. Teaching people. Building content. Delivering pentests. That was my comfort zone. But once we started bringing on full-time employees, I had to become a business owner in the true sense. All of a sudden I was dealing with payroll, taxes, healthcare plans, HR policies, legal paperwork, and a hundred other things I had never done before. It hit me all at once that being good at cybersecurity is completely different from running a company.
I was not prepared. I made mistakes. I learned some things the hard way. I had to figure out how to lead people, how to build processes, and how to manage the pressure of knowing that others were depending on me to get it right. There were days I felt completely in over my head. But I kept showing up. I kept learning. I took one painful step at a time and figured it out piece by piece. That is really what separates people who make it from people who quit. It is not that you have all the answers. It is that you are willing to keep going when you do not.
Everyone sees the success now, but they don’t see the nights of stress, failure, and figuring things out. If you could go back, what’s one piece of advice you’d give yourself when you first started?
I would tell myself to stop worrying about being perfect. Perfection is a trap. It slows you down. It convinces you to wait until you feel ready, and that moment rarely comes. What matters more is consistency. You just have to start. You do not need everything figured out on day one. You just need to commit and keep improving over time.
I would also tell myself to trust my gut more. To block out the noise and focus on building something real. There were plenty of people who doubted what we were doing. People who said we were too different or that it would never work. But when I stayed true to the mission and surrounded myself with good people, we always moved forward. If you keep stacking small wins, momentum builds. And momentum is what turns a side project into a company and a dream into something real.
It is going to be messy. You are going to make mistakes. But if you keep moving, stay humble, and keep learning, it adds up faster than you think.
Shifting the Industry: Training & Pentesting
What makes a great pentester? Is there a mindset or skill set that sets the top 1% apart from the rest?
Curiosity is everything. The best pentesters are not the ones who just know the most tools or memorize every technique. They are the ones who see a system and immediately start asking questions. They want to know how things work under the hood. They follow their instincts. They treat every assessment like a puzzle that has to be solved. When something looks off, they dig deeper. When a door is locked, they check every window, crawlspace, and hidden latch until they find a way in.
Technical skill matters. You still need a strong foundation in networking, operating systems, web technologies, and all the usual stuff. But mindset is what separates a good pentester from a great one. The best in this field do not stop at the first vulnerability. They do not run a scanner, grab a few findings, and call it a day. They go the extra mile. They chain things together. They ask themselves what an attacker would do next and they follow that trail.
If you want to be in the top one percent, you need to stay curious, stay relentless, and never assume you have seen it all. There is always something new to learn and a new way to break something that seems secure.
Certifications vs. hands-on skills: Do you think we’re moving towards a time when experience matters more than a long list of certs?
We are already there, at least in the companies that understand what this work actually looks like. A resume full of certifications might look impressive on paper, but if you put that person in front of a live environment and they cannot perform, none of it matters. This field is all about real-world ability. Either you can do the work or you cannot.
That is exactly why we built our certifications the way we did. We wanted to move away from multiple choice and toward something that feels like an actual pentest engagement. Our certs require you to compromise systems, write a professional report, and present your findings. That is the job. That is what you need to be able to do if you want to be successful in this field.
Certifications can still be valuable. They can show a level of commitment and help you get past HR filters. But the ones that matter now are the ones that test your hands-on skills. The industry is waking up to that, and I think the shift will only continue.
If you had unlimited resources to create a game-changing training program, what would it look like?
If I had unlimited resources, I would build something that blends real mentorship, real-world experience, and deep technical training all into one. Think of it like a cybersecurity residency program. You would not just sit through lectures and take quizzes. You would shadow professionals, work on actual pentest engagements, and build your skills while solving real problems.
You would write reports that get reviewed by experts. You would present findings to simulated clients. You would get feedback every step of the way. And you would build a portfolio of real work you can take with you to job interviews. It would be a full journey, from beginner to job-ready, with actual guidance the entire way.
This is what the industry needs. We do not just need more content. We need more structure, more accountability, and more support. People learn best when they are challenged and when they have someone in their corner helping them grow. That is how we close the skill gap. Not with more theory, but with more people getting real experience and building real confidence.
What’s Next for TCM Security?
Where do you see TCM Security five years from now? Any secret projects or expansions in the works?
Five years from now, I see TCM Security continuing to grow as a leader in practical cybersecurity education and consulting. We will always be known for our training and certifications, and that is not changing. But we are also putting more focus into expanding our consulting services. We want to be the team that organizations trust when they need real expertise, not just in the classroom but in their actual environments.
Education is still the foundation of what we do, and we are continuing to improve and expand what we offer. We are working on new certifications, more advanced content, and better support systems for students at all stages of their careers. Our goal is to make high-quality cybersecurity education more accessible, more hands-on, and more aligned with what the job market actually demands.
At the same time, we are growing our consulting side. We are doing more penetration testing, more assessments, and more custom engagements with companies who want a partner they can actually talk to. We are not trying to be a checkbox vendor. We are focused on delivering high-quality work that makes a real impact.
There are some exciting projects in the pipeline that I cannot share just yet, but everything we are building is designed to raise the standard, both in how people learn cybersecurity and how companies get the help they need. We are staying true to what made TCM successful in the first place, but we are also evolving. We are just getting started.
If you had to sum up TCM Security in three words, what would they be—and why?
Real. Practical. Accessible.
Real because everything we teach and everything we do is grounded in what actually happens in the field. We are not here to sell dreams. We are here to prepare people for what the job really looks like.
Practical because our focus is always on helping people build skills they can use right away. We do not waste time with filler. We want students and clients walking away with something that makes a difference immediately.
Accessible because we believe cybersecurity should not just be for the people who can afford to spend thousands of dollars. It should be for anyone who is willing to put in the work. We keep our pricing fair, our content open, and our community welcoming.
That is the DNA of TCM Security. It is what built this company and it is what will keep driving us forward.
Final words: If someone reading this interview feels stuck in their cybersecurity journey, what’s one thing you’d tell them right now?
I would tell them to keep going. Feeling stuck is normal. Everyone hits a wall at some point. Everyone questions whether they are smart enough, whether they belong, whether it is all worth it. I have been there too. I know what that feels like.
The truth is, the people who make it are not the ones who always have it figured out. They are the ones who keep showing up. Even on the days it feels like you are spinning your wheels. Even when you fail an exam, get ghosted by jobs, or feel like you are falling behind. You are not. You are building resilience and momentum, even if it does not feel like it right now.
You have to run your own race. Stop comparing yourself to others. You do not know how long they have been grinding or what advantages they had. Focus on your journey. Go at your own pace. Take breaks when you need to, but do not quit. Stay consistent. Keep learning. Keep practicing. Keep putting yourself in uncomfortable situations where growth happens.
This field rewards persistence. You might be one course, one conversation, or one opportunity away from everything changing. You just have to stay in the game long enough to get there. Your future self will thank you for not giving up.
From your perspective, why do we need more businesses like RySec LLC in the cybersecurity space?
Because the industry needs more companies that genuinely care about doing the right thing. There is a huge gap between what the big players offer and what most businesses actually need. A lot of larger firms are focused on scale, automation, and volume. That model does not work for every client. Smaller companies often get ignored, underserved, or overcharged. That is where businesses like RySec come in.
We need more companies that can have real conversations with their clients. Companies that take the time to understand the environment, the constraints, the goals, and actually provide solutions that make sense. That matters a lot more than people realize.
With startups and smaller businesses often struggling to afford security services, how do you think companies like RySec LLC can help bridge the gap?
By meeting people where they are. Not every client needs a full-blown enterprise solution right away. Sometimes they just need someone to point them in the right direction, help them identify their most critical risks, and give them a path to start improving without blowing their budget. That is where smaller firms can win.
Offer bite-sized services. Break things down into manageable steps. Focus on building trust instead of chasing invoices. If you help someone solve a problem today, they will come back when they need more help later. You are not just offering a service. You are becoming their go-to person for security. That relationship is where the real long-term value comes from.
TCM Security and RySec LLC share a common goal—making cybersecurity more accessible. What do you think it takes for a business to stand out in this industry?
It comes down to authenticity. If you care about helping people and you put in the work to actually deliver results, that stands out. There is a lot of noise in this space. A lot of recycled content. A lot of surface-level services. But people know when something is real.
You have to show up consistently, do quality work, and build a reputation that speaks for itself. That means doing the right thing even when no one is watching. It means not cutting corners. It means being the company that picks up the phone, answers the email, and makes clients feel like they actually matter. If you do that, you will stand out. Word travels fast in this industry.
If you had to give one piece of advice to RySec LLC as a growing cybersecurity firm, what would it be?
Double down on what makes you different. Do not get caught trying to mimic the big firms. That is not your game. Your strength is in your ability to connect, to personalize, and to go deeper than a generic playbook allows. Find your niche and own it.
Whether that is serving a specific industry, focusing on a certain size of business, or delivering a unique service that others overlook, lean into it. The best growth happens when you solve problems that other people ignore. Stay true to your values, protect your reputation, and keep showing up for your clients. That is how you win in this space.