How to Get Into Cybersecurity with No Experience

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
hello everybody and welcome to how to get into cyber security with no experience my name is gerald ozier and i will be talking for probably the next 30 minutes or so covering a whole range of topics that i really feel is important for an audience that is asking themselves this question and then i'll be uh open for probably 30 more minutes for a q a session which i really hope is uh engaging in in answering the questions that you have so let me just dive right into here i've i've put a link to the slide deck in the uh in the comments below and i've also dropped it in chat if you're on youtube watching this now what i want you to do is not worry about any of the resources i call out and all the labs and all the um you know just websites and tools and people that i bring up in this talk because it's all in the back of the slide deck i want you to really um relax and take this in and you know just have a great experience together so let's just dive into this before i get into too much i do want to tell you kind of the scope of what we'll be talking about today i'm going to be talking about really who's the intended audience because a lot of people might think it's just you know college graduates about to enter the workforce and it's really a much larger audience that i've been interfacing with through my work on the simply cyber youtube channel and i want to call out those audience members and let them know this talk has application and value to you we'll be talking about a few truths uh or myth busting if you will for entry level rules right i'm sure some of you out there have run into these already yourself so i want to be transparent and level set right off the rip about what entry level means in the cyber security industry also i'm going to take a step back and actually help you find your passion like if you're running at you know 50 miles an hour towards a goal but you don't actually know what the the goal is um are you really spending time and energy and effort reaching that uh goal are you just doing something to be busy right so we're going to help you find your passion today then we're gonna spend some serious time talking about certification versus education versus work experience that is the biggest question that i have encountered with people who are looking for material um now uh all of these things are going to help you understand and answer how to get into cyber security with no experience we're going to build from the ground up and when you leave this talk you're going to have all the tools all the resources and basically the blueprint to enable yourself to go as far as you want and then by the way i'm going to wrap it up with smart hacks that are absolutely free like if you've been following my youtube channel or you've been working with me uh networking wise you know that i am like such an advocate of free resources money uh should not be a barrier for anyone to get into cyber security all right so and then open q a that's gonna be the best before i dig into i really want to give a shout out uh to dr davina pruitt mental she reached out to me and asked me to give this talk in um to support national cyber security career awareness week she's with the national initiative for cyber security education over at nist and uh really appreciate this opportunity uh for putting me in contact and doing this thank you uh so really quick who am i why should you listen uh to what i'm saying my name is gerald lozier i've been working in cyber security for about between 15 and 20 years kind of you know around that frame i have a phd in cyber operations from dakota state university my undergrad degree and masters are in computer science so i do come from that technical track i am ridiculously passionate about cyber security like over the moon for it uh which is why i love talking about it i love engaging in it i love working in it i love studying it uh so you know this is my background and this is why i'm bringing this knowledge to you so who who is this talk designed for so you're sitting there listening to me talk and you're like is this even going to apply well the majority of the cross-section of people that i interface with it's people who are separating from the military so you're you're just about to finish up your commitment and thank you for your service and you're re-entering the workforce but you were like uh a tank mechanic or you worked in logistics or something and it's not translating into a civilian life career field and you're wanting to try cyber security this is a great great avenue and one that you should seriously consider so i'm talking to you also i encounter a lot of people who are already mid-career in their life and they were working in finance or they're working in marketing or they work at an assembly line in a factory or a plant and they they aren't enjoying life and they want to do something different and cyber security has so many great opportunities that they want to pivot into it that is a person that this talk will apply to and then you know the more uh traditional option is the college graduate you're just finishing school you're about to enter the workforce in a really kind of crazy coveted uh time and you're you're not sure where to go or what to work in and i want to provide this opportunity to show you how you can take cyber security and launch a career so you know even though we're in covet and despite what you might hear i'm telling you from first person living this we are living in the cyber career golden age i am serious right forbes reported that the the cyber security market's worth 173 billion dollars now granted that's not just salaries for staff right that's having to do with uh development and technology and cyber security um defensive measures and stuff like that but here's the thing all of those appliances that 173 billion dollars all that needs cyber security practitioners to run them all of the audits all of this new legislation that's coming out gdpr for the privacy side hipaa um sarbanes-oxley a few years ago like all of this is tied to securing things our world is completely interconnected uh like live for a second without the internet like good luck it's you can do it but it's super hard so all of that needs to be secured and there is just so many unfilled positions in cyber security and there's such a demand that like you're literally in a position of power if you are working in cyber security so that's why we're living in the golden age you don't have to worry about not being able to find a job or be having to move to a different city not finding a job there's there's just opportunity like through the gills okay oops sorry about that for the mic okay so just know that not only are we gonna line up something that kicks butt for you and we're gonna find your passion but there's so much work that you're gonna get a job okay so this is from the department of labor statistics i just pulled this there's a ton of different jobs in the field but um just so we level set here this is an information security analyst this is about as generic a title as you're gonna get um for the field right there's information security engineer and analyst this is but what i want to call out here is the 2019 median pay hold on if you can't read that let me help you out oh that didn't get much bigger geez so the 2019 median pays between like it says around 99 000 i would argue that that's probably skewed because of silicone valley pricing in new york city and stuff like that but you know maybe a little less than that but it is higher than a lot of you know kind of standard jobs uh in the field they do call out a bachelor's degree um as typical entry-level education we'll talk about that later in the certification education work experience section it's not necessarily true but there are in barriers that not having the degree will introduce that i'll tell you about there's a ton of jobs 131 000 with an employment change of plus 40 000 uh projected for 2019 to 2029 i suspect that number is way low as much as i think the salary might be a little high i think the employment change is low i think it's going to be way higher than that okay all right let's go entry level a few truths all right so let's pull back the curt and actually like talk about the real d like this isn't gonna be like an infomercial where all you hear is like rainbows and cupcakes and unicorns flying around there's a couple truths one that you will hear a lot of people talk about and you may have experienced this yourself already is that you'll see an entry-level job like entry-level security analysts must have five years of information security experience and like a bachelor's degree in computer science and maybe a master's degree and have cissp which is a certification that your is like a mid-tier security level certification requires five years that is not entry level and here's one of the ugly truths of the industry all the companies know that they need cyber security like you're getting financially fined if you if you're negligent right with your security and ransomware's popping up all over the place so the businesses need to have it but they're they don't want to spend on it right so what they say is let's let's put the requirements for a mid-tier person but in order to have it the salary pay ban map to what we want to pay it has to get identified as entry level that is one of kind of the gross truths now i want to point out that this is not completely across the industry i'm just saying there are uh a percentage of companies that are doing this and it's it's it's unfortunate right because they're not going to get entry-level people they're going to get mid-tier people who are basically taking a job just to have income but it kind of screws over people who are entry level trying to figure out the market so i want you to take that as a reality if you go to apply for an entry level job and it's not really mapped to an entry-level skill set don't get frustrated don't get discouraged it's probably what i'm telling you about right now okay another truth that you really need to understand is that infosec information security cyber security whatever you want to call it i'm old enough to call it information security i guess it is it is like a specialty within it yes you don't have to come from i.t but it certainly helps but like the reason that it's a it's it's a little bit more of like a couple years of networking experience or a couple years of system administration experience is something you'll often see on entry level positions it's because you kind of have to understand how the system is supposed to work so then you can secure it to keep it from doing what it's not supposed to do right so and we'll we'll address how to get that experience in education but but my point is um there is certain skills that you need i'm telling you you need to be able to be successful in cyber security and in my opinion i could argue with someone over beer the top of the list is understanding networking okay i'm not talking about you know being able to sit down and configure a cisco router or tel explain to me like what bgp is or you know the best routing protocol it's understanding what ipv4 is it's understanding like when you ping like a server somewhere and you get a response like what is kind of happening when you type in google in a browser and hit enter on some level you're understanding what's happening the osi network stack at least the transport and the network layer you just understanding those fundamental things um in my opinion is a requirement simply because um a lot of cyber attacks involve a network layer stuff in order to get on your endpoint and you know ransomware your box or whatever like it had to get there and you could see it find it on the network if you're doing blue team stuff defensive things sock analyst you're going to look at network logs and if you don't have a basic understanding of how a network operates um you're going to be looking at it like it's greek right so so i want to you to take away probably grab a notebook or or and jot down some notes here take take this away too get some get some foundational information on networking okay i actually have a video on my youtube channel about networking that's like 15 minutes long that gives you what i think a cyber security entry level person needs okay so uh that's it and then one other truth which i don't know why this gets so propagated i think it's because cyber is so tied into um i t but like you don't need to know how to program so if you've been like freaking out about like where do you spend your energy and effort and you're thinking about like diving deep into becoming a programmer or understanding programming you don't need it okay like i have a computer science background i can program i don't use it that often in my career right now i used it you know to kind of automate some stuff like make things easier yeah but like i could have done them without that and sometimes you need to understand how to program so you can like refine a tool that's not working if you're an offensive pen tester and you're on an engagement there are times where programming does come up so it's not like you're an actuarial and like you're like programming doesn't make any sense like yeah you can use programming and cyber security but you can have a bomb successful career without understanding programming you'll probably learn to read code not write it okay so those are the truths i want to share with you okay keep on going let's go big on this one okay uh i i do apologize from a programming note i was under the impression that this would expand much larger when i opened it up so um i'm sorry hopefully you can expand this i won't spend too much time on this this is um what i want to tell you is i just told you that like having some i.t background helps you migrate into a cyber security career if this url is also in the reference if you go to the slides but it's here um on the bottom of the slide too cyberseek is part of um like the national initiative of cyber security education and they've laid out these this kind of blueprint on how you can go from not being in the field into going into the field okay and on the left you'll see they have feeder roles and the feeder roles are networking software development engineer financial and risk analysis there's one that's not i.t so it does happen and then security intelligence like an intel uh operator again not i.t so they're not all it feeder rules but what they're saying is one of these fields is a perfect field if you're in one to migrate naturally into cyber security if you're not in one of these fields already um then you can begin to focus some of your energy on things in that field if you can't get into cyber right away okay it's like a feeder and then if you go to cyberseek there's actually a ton of great information in here i'm just gonna i took three slides i i've hovered over system engineering which is the middle one in the feeder role here when you go in there it tells you how many job opens and job openings there are it tells you the type of education you need uh like people who don't have a bachelor's degree versus have a bachelor's degree what type of certifications are good and then really what are the top cyber security skills to add right so you can see they have crypto infosec those aren't very useful um i wouldn't i wouldn't call that useful calling those cyber security skills like information security is the field not a specific skill but anyways you can see that you can use this resource to help identify areas of opportunity where if you can't get into cyber you can get into a feeder role that you could consider like the entry entry level of getting into cyber so just i wanted to share this with you so you didn't uh lose hope that you're not getting the cyber job and you need to get uh you're getting pressure from like your family or whatever to go get a job or you need to pay your bills like if you can't get into cyber immediately you can get into these feeder rules which will naturally bring you into cyber okay and then on just the third and final slide here on cyberseek they also provide you you can click on the particular uh bubbles and the roles within the the tool itself and it'll give you this information how many job openings you can click on that and go look at them what's the average salary so you can get perspective right eighty nine thousand dollars that's pretty good so and then where you can go from that um so you know check it out i want to share with you but what i want you to take away from this besides it being a pretty cool tool is that you can use it to kind of map out your career now we're going to go into something a little bit more detail when i said find your passion okay so good fortune is what happens when opportunity meets with planning the reason i included this edison quote is because and i alluded to it earlier if you don't know where you're going you don't know how to get there or what to pack or the best route to get there or the most efficient way to spend your time and your money so what i want to do is show you the sheer breadth of opportunity within the field so when you're getting into cyber security with no experience you have at least a direction you're pointed you know i interviewed so many people like like i i had an internship program for a while i was running and i would interview interns and i would say well tell me why you want to work in cyber security and like 99 of them would say oh i love mr robot i love hacking movies like i want to hack hack hack and like that's fine there's a whole field in that i've got good friends who work in that side of the field but if you think that that's what cyber security is like it's like a flashlight in a dark room you're looking at just like this small sliver of what the entire room is and you're missing so much other opportunity things that maybe like fuel your passion or things that are have a better opportunity of getting uh employment gigs and stuff like that so i want you to be fully armed with all the knowledge of what opportunities there are this is a a slide that naomi buckwalter had posted on linkedin i told her every time i use this in a um in a slide deck i'm going to credit her because it's so good um can i make this any bigger no wanna see if i can make it bigger just to give you guys a little nope oh well sorry so what i want you to take away from this is and again i apologize for how small it is but oftentimes you hear people talk about you know red team pen testing and stuff like that you could see pen testing is down here under threat and vulnerability management it is like 1 100th of the world of information security depending on what you're interested in like what gets you going what opportunities you might have you can work inside uh you could be like really into math and do crypto type stuff you can do network security stuff you like say you're not even technical you could do things like awareness training uh do security baseline configuration where like you're you're kind of laying out them you can do policy development you know here's here's a like a relatively new thing that came into the scene about five years ago actually talking to the business it used to be that cyber security would just like hide under i.t and just push down things like they were in an ivory tower now cyber security is actually talking to the business they're getting a seat at the board so being able to talk is actually a valuable skill inside the cyber security field so maybe there's an opportunity there so i just leave this deck here for you to take a look at and maybe drill into a couple of the areas that are interesting to you uh and you can you know you can go on and find more information but i what i want you to know is that there is a vast huge field of different roles within cyber security it is not just pen testing and red teaming okay great so here is just four different um uh jobs within the field that like i just mentioned there's a ton but at the ncaa nicces which if you i think if you go to cyber.org it'll resolve to that too but the department of homeland security has put this out there's a bunch of them there's maybe like seven or eight total but i wanted to show you this where they have these like infographic slides that outline a role in the field and then give you some context to it does it require a degree what's the salary what's the job growth plus 20 that's pretty good forensics plus 28 like you can start focusing and say hey like there's a huge market for digital forensics which there is by the way like maybe i go get certified on a forensics toolkit like ftk or nks and then you are immediately immediately way more marketable than someone who doesn't have that especially in digital forensics which is a field that really requires you to understand one of those uh two tools that i just told you about okay so i leave this as a resource for you to go look at but what i want to tell you is um that there is some information here to give you uh more visibility and context um yeah and i'll i'll be addressing the uh questions in the chat later so again what i want you to do is have a plan on where you're going so then you can execute to it i'm a huge planner i'm a huge huge organizer structural and then execute on the mission all right so let's talk about the question the elephant in the room the question that everybody wants to talk about is um certifications versus education versus experience now just on the surface what i'm going to tell you i was going to make a slide for it but i couldn't find a great way to do it so i figured i'd just tell you okay certifications you can get them for like okay so let's do it this way experience you can get for free stay tuned certifications nominal costs right couple hundred bucks up to like maybe fifteen hundred dollars uh you get some knowledge and you get something that you can jam on your resume and oftentimes uh hr will be screening for that and then education is more expensive more time right so it goes from like low money as much time as you want to mid money you know uh a a low amount of time and then education is like a lot of money and a lot of time um so people will say um there's a lot of successful people who work in cyber security that do not have a college degree i know several okay so it is not a requirement to get a cyber job i would argue that certifications and experience are the most important certifications because that's what gets you the interview i'm sorry to say like unless you know someone and you have an inside line on something in order to get through screeners in order to qualify uh as i mentioned earlier with these unrealistic job wrecks you need to have a certification okay and usually there's specific ones related to whatever the job is and we'll talk about that in a second and then experience if you have hands on keyboard if you can tell an employer i've done that they're more likely to hire you because a i don't have to train you and b you've seen it you know what it feels like like you've got time in the saddle that is invaluable okay and then and then education as i mentioned already check out this graphic again this is in the show notes okay this is a fantastic graphic we're going to spend a minute on this one so the way you want to look at this is from the bottom going up is amount of experience okay so entry level novice and then above novice left to right are vertical columns uh by kind of industry not industry like vertical segment within the cyber security industry so you can see we've got uh the blue team doing defensive ops the red team doing offensive ops orange is engineering which might be things like uh running firewalls or um you know kind of managing endpoint uh security or some or mdm or something like that then we've got analysis architecture for building stuff and uh management because everything's got to have management all right so what i want you to use this slide for is you've already kind of found your passion right hopefully you're using the the resources i'm showing you and you found your passion you're into forensics right 28 job growth 77 000 annual salary you like digging into things you love detective shows forensics is what you're going to do dynamite guess what here are all the forensics here's the forensics column within blue and here's the certs you don't have to get them but they will help you what this thing tells you is if you got a cisa cert that's a that's a an auditor cert that is not going to help you get a forensics job so don't spend your time or your money or your cycles fretting about that this literally gives you a certification roadmap to go get certs that will help you right away and by the way it sets realistic expectations because if you're entry level and you're looking at like the csfa probably not a good fit right you probably need to go to security plus which is a great great entry level sir you can see it like pretty much across the board here uh so again i'm not going to spend a ton of time on this during the q a if you want i'll bring this back up and we can talk about it but this is a dynamite resource thank you um thank you to the individual on reddit who posted it because i reference it like all the time you can see the urls here but it's also in the show notes all right again with certification now you know what cert you want to get right you use this uh map and you figured out what search you may or may not want to get to help you get that job with no experience and how do you get it though right so you can do self-study with a book but if you have no experience you might not have context right so one of the ways that you can shortcut this method um is called taking a boot camp right uh various boot camps can have different value your your mileage may vary so check with someone who's already taken a a boot camp but i i'm highlighting the cyber bites foundation one right here cyber bites is out of quantico virginia um they are a fantastic organization i i believe they're a non-profit they i attest to them i vouch for them they offer as part of their overall um you know public offering basically uh certification boot camps and you can see i've highlighted two specific ones here that i wanted to call your attention to by the way i think these are fairly affordable they're like five days maybe a thousand dollars 999 dollars but if you can shortcut something for a price i mean that that's the benefit of shortcutting it right two that i want to call out is the network plus and the security plus okay i told you earlier it's non-negotiable you have to understand how a network works in a in a basic foundational level fundamental level you have to understand ipv4 and at least the transported network layer if not the entire osi stack okay network plus is going to give you that i'm not saying you need the network plus certification i'm not entirely sure the value of it for a cyber security role but getting the knowledge in the bootcamp is probably more valuable to me if i have no experience than the actual certification then we've got the security plus okay this is wildly considered by most people in the industry the entry level certification you do not need experience you can take it i think it's a couple hundred bucks to sit for the exam um you don't need to go to a boot camp although it will give you that context and structure and make sure that you cover everything and help you with terms and concepts you don't understand yet this is a great this is a great option okay and i know that different boot camps charge different amounts uh some are very expensive like i said i know cyber bites um and i know it's around a thousand dollars i believe and i i just i i i stand by them enough to share with you all okay i have no financial affiliation with them whatsoever okay so boot camps can help you shortcut the certification a requirement on some job uh requirements okay now let's talk to the graduates or if you're considering going to um get a bachelor's degree okay there's different i put a tale of two cities because there's there's two different trains of thoughts i mean this isn't a super divisive topic in the information security industry but it is one like i said i know so many people without a bachelor's degree that are awesome at cyber security i know people with a master's degree who couldn't get out of their own way okay so having a degree does not directly correlate to your ability to execute in cyber security that's first and foremost now what i will tell you is two things one getting a bachelor's degree will uh open doors for you okay this is just a reality you can you can be successful and if you go down a very very um like pen tester type track like something that's super hands-on and like real skill like almost like uh i consider it like a trade right like plumbing or electric electrician or something like that like you can develop a trade within the cyber security industry and you'll never need a bachelor's degree you will run into issues though where you try to get promoted you try to get more salary you try to you know take advantage of some opportunity and the organization will give you like the heisman because you don't have a bachelor's degree which they've considered or qualified as a requirement uh joe hudson is in the audience right now and joe might be able to speak to this i don't know if there's a a shift in the uh industry but from what i've seen and what i've heard through my 20 years that is a like a it's like a i hate to use the term glass ceiling but it's like it's like a transparent ceiling that will keep you from achieving certain goals if you don't have a bachelor's degree it's a huge commitment right you can get like four years i think there's some programs you can get them faster but it's not going to necessarily equate to more value the other thing about a bachelor's degree that i would highlight is that it prepares you for writing which is going to be important in cyber security because you need to be able to effectively communicate um to both the business and to customers um you need to highlight certain things so effective communication and a work regimen work ethic right if maybe you've already got one and that's great but having that routine of like having your own self-accountability responsibility for you know going to classes getting good grades like you're not no one's managing you but you um those kind of soft skills um some people need them and the bachelor's degree can help you now having said all that you don't you don't need to like short you don't need to like divert your cybersecurity career for four years to go get a bachelor's degree maybe you want to go get a bachelor's degree just to hide from covet for a little bit in the industry and stuff like that but uh don't don't um don't think it's a requirement okay all right keep on trucking all right so now hands on keyboard let's talk about experience i think experience is super super valuable because as i already mentioned it shows you can do it you have experience and this is probably one of the most important things to say on your resume uh because if you have no experience it feels like your resume is like a barren wasteland where you're like oh my god there's so much white space what do i put here i'll just do size 30 font no by doing the things that we're about to talk about you can craft your resume in such a way to include tool sets that you've used concepts that you've experienced or frameworks that you've reviewed and analyzed you can include clients that you may have worked at if you're doing bug bounty type stuff there is a whole i i don't no one's really talking about this but there's like an entire um opportunity like an art form of realizing uh labs and and in free free training and experience that you can bump right into your resume and by the way put in those keywords so you can get through hr and actually get to a hiring manager who is the person who's looking for staff and will know what the hell you're talking about so work experience is good and having home labs so if you get a lab labs can be prohibitive because owning the hardware is expensive configuring it could be confusing for you uh but in the world of cloud computing there is so much opportunity um there's so much opportunity that you know like you can take advantage of it for absolutely free now a friend of mine stephan woolvogel uh published this and again download the slides so you can see this um this is a helpful tools websites and apps for the blue side the blue side is the defensive side there are things in here like cyber defense lab and challenge uh boss of the sock like blue team is actually a little bit harder to lab up and and and and get hands-on experience because of the complexity of it so um you know like but there are tools out there so i i strongly encourage you to check this out i've actually started doing a series of videos on my youtube channel highlighting all of these and some of them i've already done just by virtue of having done them already like malware traffic analysis here but these are the things if you if you wanted to do blue team right forensics sock analyst incident response these are the the labs and tools and the resources that you could do that you could beef out your resume so strong that you had no experience well guess what now you have a lot of experience without having had the job in cyber security yet because that's always the catch 22. how do i get experience in cyber security if i don't have a job in cyber security how do i get the job without the experience like ah it's frustrating well guess what the answer is you get the experience and then you can get the job unless your your cousin owns the company and then you're in like flint right but not all of us get that here's the blue team side stefan was kind enough to put together a red one too so on the red one you can see that we've got uh some youtube channels like uh um the cyber mentor heath adams he has excellent content um i'll highlight a couple more in a minute here but you can use uh things like aws which is what i do these are just some of the videos in my youtube library but i use aws amazon web services to build out free cyber security labs to test and learn concepts so just recently on the top right there the the juice shop one and the web goat one i just did that last week those are web application security platforms that you can build on amazon's infrastructure for zero dollars get the experience learn the concepts have time in the saddle know what it looks like from an offensive perspective and a defensive perspective and then put that on your resume talk about it in your interviews i'm telling you this is going to make you a stand out from other candidates and b really really give you the confidence to be able to go in and talk about what you know instead of like cramming in the parking lot uh of cyber security material hoping that you get asked a question about that in the interview no you will be empowered and you won't you won't have a problem i'm telling you you just got to put in the work right i mean that's that's the deal that you can't just take a pill this isn't uh limitless or whatever that movie was called so not to just you know promote myself because there are tons of really really good content creators out there and i'm telling you youtube is is a bomb uh for this type of content we've got network chuck up there stoke on the right hacker split and no by just to name a few these are um real leaders in the cyber security free education sharing uh expert in the community so i encourage you to check it out if people on the stream know of other people who are putting out great content uh drop it in the stream so other people in the audience can get that and you know and i can get that and and share with each other i see someone posted an updated uh certificate uh progression chart so thank you to that user who did that but tons of great content now if labs isn't your speed and you're more of a kind of a textbook person and you want to read the attack iq academy offers free education multiple tiered learning paths so they have one on mitre attack which is becoming thankfully more and more um prominent in the cybersecurity industry it's getting taken seriously if you don't know what miter attack is very very high level it's a taxonomy of the um potential attack vectors that threat actors are doing basically what it allows you to do is a verify that your defensive tools are actually map into things and it allows you to simulate offensive particular offensive threats but the thing is people are using it so if you have miter attack on your resume right how did you get that how did you know that oh i did this um you know three class thing i gotta they give you a certificate like this is you know power so you can get into miter attack and understand that they have another one on purple teaming as well they have one on um fin nine i think so they have a couple right now but i would encourage you to at least check out the miter attack one and see uh what it's about and if it interests you because it's got it's got value and by the way the cost is free it's just your uh your commitment to wanting to get a job in cyber security and you're you're self-disciplined to see it through right to do the classes to to take notes to learn right there's no shortcut that that's that's something you should take away there's no shortcut right you've got to put in the work if you want to to reap the rewards another excellent resource is dfir diva now she does post a lot of content specifically on digital forensics and incident response which is what differ stands for but she puts other stuff there her website i think is dfirdiva.com it's in the show notes or in the in the reference slide but i mean she's podi posting like webcast conferences tools free resources she i was doing this myself on my github page but she um is doing it so much better and so much wider that i now just want to post uh push people to her for like content and stuff like that now here's something that my friend paul ime from sataria security told me a couple um months ago and i thought it was brilliant and i wanted to add it to this talk okay so this is my friend john helmoos john this is john's blog okay medium is a format at medium.com it's a blog hosting company it's free to sign up set up a blog now jerry i'm trying to get a job in cybersecurity i don't have time to be blogging okay check this out as you're going through the labs as you're attending conferences put a blog post put a blog post why here's the reason why i guarantee you when you go in for a job interview someone who's in that room that's interviewing you has probably googled you most of the times it's like oh what are they doing on social media are they kind of scary or they have like you know whatever views but when they google you and this comes up now they get to like basically um what's it called like voyeur voyeurism on you oh my gosh okay so like this is them when they're writing and what they're doing when they're not trying to impress me they're not putting on their best face to get this job this is who they are what this would tell me is if you had a blog and you were posting and by the way it doesn't matter if someone else has already blogged about it or you're doing the first level hack in the box and it's been solved a million times it doesn't matter it's you're capturing that you're interested in cyber security you're documenting what you have done which further fleshes out your resume and as i mentioned before it shows your writing style and capability yeah i mean if you're writing it sloppy with spelling mistakes and stuff maybe a blog's not best move for you but if you're seriously writing it it's going to show someone what your writing style is and your professionalism and some of those soft skills that really are just um kind of expected from business professionals right so it gives you an opportunity to flesh out your resume your resume is one dimensional the interview is what gives you three dimension this will allow you to get a third dimension before you've even gotten into the interview and i guarantee you it will sell you uh as a better candidate because you're obviously showing commitment and interest in the field uh outside of getting the job right i i do want to highlight conferences networking is huge like 50 of jobs in general uh in cyber security go to some like they they never posted because like cyber security is a small community if i need to hire someone i'm going to think of my cyber security professional network first before i post the job and go go through interviews and all that and that's just the reality so if you start building your network you can begin to find like-minded cyber security people you can find out about opportunities you you know like that that's part of the the gig right you can't just live behind a computer in a bubble and not talk to anyone like social engagement is part of the game um you can get you can do it if you're introverted you can still successfully get into cyber security i'm not saying you have to go to conferences but this helps you right we're talking about how do i get in with no experience you can go to a conference for free no one checks your qualifications to get into a conference i assure you right so you can go there a you can learn new content and material b you can meet other people and c you can find employers a lot of times employers are walking around with like a little name tag that says i'm hiring like literally you can just walk up to him be like hi like i'm looking for a job okay so let's talk and by the way you're at a security conference you've already implicitly told me you're interested in the field it's not just a job it's something you're interested in so boom right all right check out conferences this is b-sides listing you can find security conferences in your area a lot of them because of covet are free right now and you can get like they're free and they're virtual so like you have no reason you can't get to them right a lot of them are on replay uh but if you do it live there's typically like a discord which is like slack if you're not familiar with discord but it's like a online chat feature thing where people who are attending the conference are all chatting with each other usually the recording uh the talks are recorded pre-recorded so then the the speaker's actually in the chat responding to questions live unlike me right now who's just like spewing live at my screen so check out conferences huge huge win huge bonus multiple uh dimensions of value for you and if you know me i love nist so i i didn't want to uh limitness or remove nist here so um especially since they partially hosting this talk um cyber security there's a whole governance risk and compliance world out there okay it's not all about hands-on tech and defending from attacks uh live or perpetrating attacks live there is a risk piece to it and i wanted to call your attention to this cyber security framework because it's called this csf by some people but this is getting adopted uh widely across multiple industries across multiple countries um and if if you're not into the tech side and you're more into the governance risks risk side then i'd recommend you strongly familiarize yourself with the cyber security framework there's tons of talks on it nist gives them themselves uh but basically it's a framework on how you can build out a security capability at an organization and mature it over time with focus on outcomes of basically preventing attacks or limiting the impact and damage that they impart upon your organization okay so much love for nist all right i love nist and of course i have my github page i mentioned earlier the dfir diva um she has great like content on conferences and stuff but i've also curated a bunch of things here like on training there's actual check this out like literal college courses that are free so if you wanted to like get some education but you didn't want to pay for bachelors or go for it you can attend things at stanford georgia tech nyu um i forget the other there's a couple other schools uh washington so there's content out there again free so free all right so i didn't put a link to this but if you google github jerry guy 311 which is like my online handle before i get professional you'll find that okay and then a note on resumes this is partly part of my resume but i just wanted to highlight when you're building out your resume right make sure like take time to think about hopefully you've already kind of focused on an area and cyber you're interested in so make sure that that summary or your objective or goal maps to that and include those labs that you did and the skills you've learned and the talks you've seen you know volunteer at a conference and then you know put that on there like showing your for me personally showing your involvement in the cyber security industry is a huge plus because it shows that it's it's a career to you it's not a job um and and just make sure that you really captured those uh things also if you work in an i.t role and you're doing a career shift take some time and actually think about things that you've done that are security related right so you may not think about like configuration management um as infosec you may not think about procurement as infosec you may not think about um what's another good one jerry um whatever like there's tons of things within it or access control that's what i was thinking of you can parlay that into security related language like you have done things in in my it network administrator capacity i hardened network security devices right like that might have been part of your job but it is a security function so make sure you're really thinking about the security roles uh sub elements that you've done and include that like as far as beefing up your resume because i feel like a lot of people get wrapped around the axle of how do i make this resume which is what is representing me how do i make it good and get it into the right person's hands that's how you do it okay uh so all right so thank you very much i'm gonna open it up for q a here um i know i went a little long but i felt like i was on a good um a good path there um let's bring me up hey hey me um okay so let's open it up to q a um cue up your questions i'll go through them right now and uh we'll we'll knock it out and and thank you by the way for attending the first half of the talk um so much pleasure and so much love uh for all of you in this community let's see what the questions are will this be viewable later now that's an easy one jalen absolutely uh this will be available on my youtube channel simply cyber if you go find it i'll probably cut this up and then put minute markers so you guys can just jump to the actual sections of the talk but yeah absolutely be viewable uh if we're not connected jalen just connect with me on linkedin and i'll make sure that you get that link okay can you throw some light on sysert and the 27001 lead auditors please yeah thanks uh on maul so real quick cesa is the isaca uh certified information systems auditor um and i i have this certification i was an auditor for several years um it's good if you're into it um you know you when you take that exam well a couple things one the cisa is a cert that you will see on uh job qualifications for auditor roles i think it's a valuable cert i think it's appropriate and it maps to what the actual role is and the functions that you would need to do to be able to be an effective auditor the 27001 lead auditors i can't speak to i don't have familiarity with this i will tell you this though and well i've been in unless you're in europe um i would focus more on cisa versus twenty seven thousand one because i don't see a lot of twenty seven thousand one um compliance related or security frameworks right i see nist csf as i mentioned earlier i see um you know cis 20 for less mature organizations so unless you're in europe i would i wouldn't spend the time in cycles on the 27001 because i'm not sure what the marketability of it is okay um i'm currently studying for ccna and linux essentials my goal is to get the role of malware analyst is this the right direction i do not have a degree in computer science okay so okay so or israel this is a good question so ccna is a cisco specific networking uh certification and linux essentials is understanding linux so a couple things one you know i would actually argue that most malware is written for windows systems windows have the majority of the corporate footprint in the world so a lot of times malicious threat actors will develop malware um for the windows operating system so linux is good to know because a lot of you know tools and distributions uh are built on linux but as far as getting into malware analysis you may want to study a little bit more on um like the windows side of things and the windows libraries and and things like that um also just as a thing you might want to check out any dot run that is a website it's it's basically a virtual sandbox that allows you to run malware but you can also like look at uh detonated malware that was malware like emote or ryuk or something like that so if you wanted to get some familiarity with like what malware looks like and and do some analysis also um if you really want to get into it uh this is taking it to the next level uh get it get a familiarity with assembly language and check out my buddy uh josh josh stroshen he went through the phd program with me and he has a youtube channel and all he does is disassemble malware like that's that's all he does and he's really good at it so check him out okay let's see uh i'm gonna try to do this rapid fire by the way hi gerald i have a ba with one semester my left in a master's in international security i have an oscp and i have no idea what i should apply for if i need to apply for it to an entry-level job okay so tito uh a couple things one um congratulations on completing uh your ba and about to finish your masters i would definitely tell you to continue to finish that um i don't know i've never heard international security so i don't know if that's like um like global policy type things like nation security national security or if it's an actual information security related discipline having said all that what i will say is you have the oscp okay the oscp is uh for those who you who don't know it is the offensive uh security certified professional and it is considered you find me a red teamer who disagrees with this it is considered by far the classiest goldest shiniest certification that you can get on the offensive security side of things so if you have that certification you definitely aren't going to be looking for an entry-level job and if it were me i'd be going pen testing uh with that like you have you should know that with that with that um that certification if you have it definitely go get it dude you can get like six figures uh with with that background so uh get into it um let me like connect with me and uh i can i can i have friends that are red teamers um i can i can connect you um and maybe get you an interview or something like that or at least at least point you in the right direction okay um just put me send me a message or connect with me on linkedin and just tell me it was you with the masters in international security okay that's awesome oscp by the way that's a really challenging certification um looks like joe hudson is dropping some knowledge here uh certain training carrying so much weight these days okay so joe's just dropping some knowledge joe is a friend of mine he's also a cyber security recruiter so whatever he's saying about job hunting and stuff is absolute take it as fact okay um looks like a linkedin user actually included an updated cyber security certification roadmap i appreciate that i'll actually start using that one i didn't realize there was an update so thank you for that um let's see looks like joe says in response to something i said during the live stream here i think the candidate pool is starting to help make a push towards shifting away from degree requirements within security but we aren't quite there yet yeah there you know if you think about it for a second who's making the decisions it's kind of the older people right and there's a cultural um institution around the value of a bachelor's degree and what that means in corporate america so i think that that's part of the um the reason that the cultural shift has taken some time um they still help but mostly required by hr of course right some managers would love to hire someone and they can't that see that's a dang shame it's a dang shame that you can't hire the right person you want because of something like that um linkedin user says western governors can allow you to blast through a bachelor's degree and get that uh that degree kind of hit that um check box and and get out of there okay let's see tracy asks what's your opinion on the cisco cyber ops as an entry level cert as opposed to sec plus or sscp so you know tracy i'll have to tell you maybe people in the uh in the show can comment on this but i'm not familiar with the cisco cyber ops um i will tell you uh for entry level security uh excuse me certs security plus is definitely considered widespread industry standard as the entry level certification so i would focus your energy there when you say cisco cyber ops it makes me think or curious whether or not that's specific to cisco hardware and if you're if you're starting to like niche down into a specific solution or or vendor then you're you're eliminating the capability for that to have value at different organizations right because you go to a place that's like an aruba shop or fortinet shop and all of a sudden your your hard work and degree don't count um sscp i want to give a shout out to that that is under isc squared um that was a fun certification to be honest with you i liked it it is um it has value but i made a video about this on my youtube channel it if you're gonna get that one over security plus it's gonna have less um marketability through the hr process because a lot of people are gonna put security plus instead of sscp as a requirement but in the federal government the dod 8570 which is this matrix of certifications that you have to have to hold certain jobs the sscp actually ticks the box on a couple different checks the box on a couple boxes right so you could technically get the sscp and get a couple different jobs without having to go get another certification so there is value in the sscp in that way uh i can't speak to the cisco cyber ops maybe someone in the chat can okay uh emmanuel thank you for the great content thank you for the comment i love hearing so much uh i love hearing people say uh that they're getting value out of this uh rolanda keep it keep it going keep it going um we've got a shameless plug here i appreciate the um the the shout out here which i plan on attending okay hey so let's just take a minute here and talk about this for a second john strand is uh he's the owner of black hills information security group and if you don't know black hills information security get to know him john strand is easily one of the top two like best presenters best conference uh speakers um great personality great attitude loves giving back to the community and black hills as a company it embodies that attitude like black hills is awesome and they do tons and tons of free free training and free webinars so just google black kills information security and you'll um they'll come up and you'll see all the trainings like on the top right you'll see those trainings and stuff like that see if i can even do that while we're talking here so so check that out uh yep john is the man joe all right so lincoln user we got another shameless plug uh oh it's the sock training with john strand right so let let me let me just do this really quick okay like we're doing this live i'm doing the best i can um let's do this let's do this let's do this and let's do um that so this is black hills information security website right it's it's uh black hills infosec.com if you go to training these are the trainings these are awesome sock core skills getting started in security with mitre i mentioned miter earlier right applying how you look what you do with purple team i talked about free purple team learning earlier i'm telling you really um the the the folks at uh black hills are just uh an absolute uh treasure to the cyber security community okay so let me remove that i kind of went too quick there um okay so we had a question here i really jumped ahead by accident here um all right so we got a question here about cloud security so here is something that i would i would share with you and and like i didn't highlight this in the talk but right now there is a massive shift in the in the corporate world right to move to cloud tons of tech startups are building on aws or google compute securing the cloud whether it's azure google is really really different than than securing infrastructure right so um hold on one second so i would i would strongly encourage you if you're interested if you're if you're young um and you've got a lot of career left i would strongly encourage checking out cloud security because it's a different animal altogether and more and more organizations are getting in the cloud so having the skill to secure cloud is huge it's really around access and permissions and control and stuff like that versus um really kind of the the infrastructure and traditional securing things so um it's a great point i'm glad you brought it up linkedin user uh because it is a massive uh area of opportunity within the industry so i kind of jumped down here a little bit i want to make sure we're getting all this um we got comment here blogging ads credibility i i can't agree uh anymore um what's the name of the site for making the blogs so the one that i referenced is medium m-e-d-i-u-m medium i believe dot com so maybe i can uh medium john here we go check it out so this is john's site but you can see it's uh it's medium right medium.com so check it out free to sign up um and you can just get going and you can even put it on your resume it's yet another thing to put on your resume right like if the goal was to like fill your resume with great content and not fluff this is another way to do it okay great presentation thank you karen thank you i am so passionate it's redonkulous when it comes to cyber security oh no lost sound hopefully um you know hopefully that's not the case um oscp versus ecppt all right so i will tell you this i kind of alluded to it to it earlier i am not familiar with the ec ppt so if there's a cyber i mean a pen tester on the chat check it out oscp hands down considered the best cert um in the offensive security realm today it's the most marketable it's the most recognized it has the most street credit with actual offensive security people i'll also point out since it gets mentioned quite a bit um not to throw shade but like the ceh the certified ethical hacker offered by ec council is considered one of the entry-level offensive security certifications it is not really well respected within the offensive security practitioner space but it is a certification that's often included by hr on job postings so there is some value for you to get the interview but don't i wouldn't walk around uh telling people in the industry about like like say anything about it because it's just like people throw shade at it and i want you to know about that okay um uh let's see what are your thoughts on wgu's cyber security program well thanks for the kind words about uh my channel i i don't know much about western governors i know i know a couple people have done it um rob fuller who's uh goes by mubix i'm pretty sure he went through the bachelors in the cyber security program he might have some feedback you could you could ping him he's kind of a big personality within the cyber security industry um but i can't give anything definitive i i haven't heard uh one way or the other about it uh jordan's done some cyber security specialization courses many on coursera where companies hire me with these certificates so that's a good question for joe hudson to address i would definitely include it on your resume um the way i like to do um coursework is i'd actually like to say like you know you know cyber security formal cyber security coursework and then like list out the classes um that's a good way to do it i don't know like if having the coursework and the certification are necessarily gonna map but definitely include if you've taken specific coursework either the course title or you can say coursera course title right now you know uh this isn't the purpose of the talk but i'm telling you right now there's a major shakeup in higher education and just the industry in general where things like udemy and coursera are supplanting the traditional matriculating student going to a campus and going through a formal higher education program so definitely include uh the coursework at least if not you know say multiple certificates uh with coursera in cyber security make it something that you want to talk about in the interview okay um oh i already answered that one i'm sorry all right let's go oscp helps get a job quickly uh joe's weighing in there uh it's gold and shiny all right what if you're a lawyer who has eight plus years of experience in system security and network exploitation all right well you are a unicorn um and there's a lot of value for you so uh i actually strangely have a very good friend who's also a lawyer who had about four years of incident response uh and kind of pro risk program management uh he went on to go work in cyber security i mean excuse me he went on to go work in law um but his focus his niche all the work that comes to him is i.t related so you know what i would encourage you to do you like because you're to get paid well as a lawyer i you know i i would i kind of make the assumption what i would go on and do is go whoops i'm sorry go work um and and focus on the legal part of it so like there's so much um like shared services and you know agreements and interfaces and data think about how valuable data is right now uh with things like uh cambridge analytica and all like the way facebook makes their money in google like all of that data science stuff it's all about having access to data so how is that data gotten right it's through agreements and terms and you need lawyers who understand the technical jargon because most lawyers unlike you most lawyers don't understand anything technical right like email might be the extent of it so you have a very special skill set that it gives you the capability to really get in there and and be able to provide that i.t security perspective and and really shape really good uh legal documents that that's what i would do that's what i would encourage um i feel like if you go the cyber security track specifically you might not be leveraging that legal part unless you wanted to go into like digital forensics but since your network exploitation and system security um it doesn't look like that's the the case so um hopefully you love being a lawyer and that's why you went and got that but that's what i would do if i were you okay you mentioned briefly transitioning from a non-i.t career to into a cyber role can you recommend a good starting job position that someone can start in with going without i'm sure without going bankrupt starting as a help desk person making 40k yeah this is this is tricky um this is tricky so yeah it's tricky um what i would say for something like this is you you really it's hard okay so you'll probably have to take a pay cut um i don't know about having to start at the help desk because if you have worked in corporate america already um you said non-i.t career so i don't know if you have worked like in an aw like in a in a professional organization setting but if you have then you bring that kind of experience potential leadership management type stuff so you have kind of um soft skills that someone who's coming directly out of college as a as a 22 year old may not have and you can use that to kind of spin things so what i would kind of encourage is do two things one get some of this training get some of this experience beef up your resume and then kind of tie it around um the the experience of being a like a seasoned professional and kind of start spinning that way maybe looking for you know a manager role if you've had any management experience in the past um managing like a small team of cyber security people that way you're managing but you you you can like kind of lean on the experience and expertise of the people who you're managing until you get kind of spun up and then move on and find your passion i guess that's kind of like the trick to shortcut getting work experience to be able to get to the salary you want okay good question adam thank you uh felicia's got a question here do you advise to wait until one has a particular cert or attend conferences or complete labs before applying for a cyber security job if you have no real world experience so i mean you can apply to this to the jobs for sure felicia and uh i think your chances improve dramatically as you begin to do these things now one uh smart hack that i would recommend is say you're gonna go for the security plus okay put it on your resume under your certifications not lying you're not lying but schedule like so if you're going to get serious about it schedule it say like what's today november uh 20th or 12th or whatever so say let's say it's january 1st right you're going to schedule it for the new year put on your resume security plus anticipated date uh january 1st now what this does is a it gets through like um auto screening and get you to the hiring manager b it's a talking point hey like oh i see you're you're studying for security plus yeah absolutely boom boom boom i've got a talking point i'm showing commitment i understand what the cert is and why i'm doing it um you know so yeah so you can do that with the labs you can't do that because you you literally have to get time in this in the saddle with that um with conferences um you know i don't know if you would be putting uh conferences on a resume anyways so attending those or not attending those um i don't think that that should preclude you from applying for any jobs but yeah definitely go for it start getting the feel for it i know a lot of people get um a burnout from applying i've started seeing a lot of messages on linkedin of people you know getting burned out from from filling out the same forms over again and applying and applying applying so um you know so so be careful be careful with that but yeah go for it um i i'd really encourage you to start finding finding your passion and start directing your efforts and your energy into that does cyber security field favor certain degrees for those who do who do have one or can you have a degree as long as you have certs and experience in place oh that's a good question so i would say you know my first blush is that cyber security favors computer science degrees and sometimes mis degrees management information systems but then the more i think about it you know that is that is shifting so much like all i have a computer science degree and all it does is give me the capability to pick up something faster it doesn't stop me from it like not having it doesn't stop you from picking it up it might just take longer okay and some people are just naturally gifted and they pick it up like nothing but but that's really the difference so if you have a bachelor's degree in finance and then you're doing labs and doing experience and doing all this um you can get that cyber security job no one uh oh and another thing by the way since we're talking about it like where you get your degree from unless you're going to mit or harvard or stanford or yale it doesn't really matter like i i can't think of a time i've ever um been in an interview or something like that and sat down and someone's like oh they got their degree from here like no like most people don't even put where their degrees from on their resume it's just i have a bachelor's in finance i have a bachelor's in computer science so um don't don't overpay for an education unless you're absolutely dead set on going to that school okay so uh that's what i say about that hopefully that answered your question uh we got oh my god this comment thing moves wicked fast artie flores thanks for attending arty i obtained my sec plus but working on the comptia cysa plus is this earth cert worth getting yeah i would i would um i would agree like so that is a security analyst one it's a little bit more of the hands-on stuff um i don't think you should wait to start applying for jobs uh until you get that do that trick i just told you where you put when you're you're projecting to get the cy essay and and start acting like you already have it um you know if joe's still in the in the audience i'd be curious what um what percentage of employers are asking for that certification i've seen an uptick recently um for that certification being mentioned and um and acknowledged as like a good kind of entry level related slightly above entry level uh certificate uh but yeah i i guess the short answer is already i would continue working towards it because it will help you it does have value but i don't think you should wait to get it to start um trying to get those jobs or or spending cycles on um you know labs or or efforts that will be specific to whatever the role is that you're looking for um let's see uh thank you this is very very helpful well thank you this is this is like just as fun for me i'm loving this um hard to compare oscp and ecpt but they're they complement each other ocfp wins for recognition oh well thank you to the linkedin user who commented on that i appreciate that mention the clark portal and the cyber security training offered there it's free and developed with the nsa approval yeah so uh i'm not familiar i think that's on my github page uh i'm not entirely sure but let's just take a look really quick um of course clark portal whoever mentioned that uh if they had any experience um using it i'd be curious if they could share what their experience was since i'm not familiar with it so we're just gonna drop this boy right here this looks like what it is this is the clark portal we're doing this live i've never been here let's see oh yeah look at all this good stuff whoever shared this thank you so they've got a kind of a wide swath of different things a lot of machine learning things yeah warrant requirements and cyberspace yeah so this this i don't know what nsa and ccp is if that's a certification that they're doing uh looks like it's a filter that was applied here but yeah definitely worth checking out um thank you for sharing that whoever shared that um what does an infosec employee do like what exactly is your job well thank you that's a fun question so it's not an easy question to ask uh honestly um tanishq uh if i said that correctly so there as i mentioned at the beginning of this talk there are so many different jobs and roles within the information security so to say what does an infosec employee do uh it's very difficult to answer that right so you could be a pen tester who is getting dropped into a client engagement where you're physically going to penetrate into their data center and stick a usb drive in that's like monday or you could be a digital forensics person who gets just a box of hard drives mailed to them that was recovered from the scene of a crime or from a you know an accident like a um like a sunk boat and you're you're just in a lab by yourself in a windowless room with a droning of an air conditioner just doing a dead disc data recovery so the the spectrum really changes i'll just tell you for myself um in my day job when i'm not doing uh simply cyber youtube channels i'm a cyber security architect at an academic medical center which is a healthcare a functioning hospital as well as a functioning university in the architect role like every day uh i'm i'm presented with like all sorts of different uh odd strange challenges uh like for example like hey uh jerry like we're going to be collaborating with university of california and we're going to be sharing this data and we're going to be doing this research and we're going to be using this platform what do you think like so you know for me like that's okay like let's do it like let's look at like let's look at the application let's look at the network let's look at the operating system let's look at the user base let's look at the interfaces let's look at the physical security let's look at the um the agreements in place is there data in europe that needs to be considered for gdpr uh regulations and stuff like that so that's what i do um but you know it really changes so uh what i would ask is um go look at that list of jobs go find uh one that is like sounds interesting to you and come back and ask me the question like what does an offensive security employee do or what does a security architect do or you know or whatever what it what is uh a level one tier one security operations center analyst do and and we can we can drill into that i'd be happy to talk to you about any of that um of course so um big data governance fan one of my primary interests all right i wonder uh whoever wrote that if you're actually also interested in privacy since there's a tight uh tie-in to that and some of the regulations that's coming out of the west coast of the us right now uh we're we've got a real estate agent do we have any advice with merging cyber security and real estate so that's a good question when i think about uh things in cyber security that i'm not necessarily familiar with like this the first thing i go to is information right because they call it cyber security because it sells and it's it sounds cooler but like at the end of the day information security is what the field is right and it's protecting the confidentiality integrity and availability of the information so what i would ask you real estate agent is what information is critical to the success of a real estate agent and what systems are critical to um real estate agents right so i know mls right so some of these third-party systems are critical so having access to those would be critical so making you know making sure that that access is protected um you know which includes like how you protect the accounts to that um if you have i don't know how important the lists of like your clientele would be but where you're storing that i mean you could set up a little cottage market industry for helping real estate agents protect their data assets um so that's i guess just off the cuff how i would merge cyber security in real estate uh hopefully that helps especially if you're a real estate agent you can you can speak to like the importance of protecting those assets and and you know what why you'd want to uh take the time and money to do that we're doing a class in c plus plus be beneficial for anything in cyber security absolutely yeah so as i mentioned earlier when someone asked about malware analysis like you know oftentimes you will get a piece of malware you won't know what it does you'll have to disassemble it and look at the code and a lot of times like um ghidra or so ida is like ida is like the go-to disassembler for uh executables or binaries right so you use ida to decompile malware or disassemble malware excuse me well gidra is something the nsa just released and i i haven't used it myself but i'm pretty sure when you decompile or disassemble engine it actually takes like a c type structure look to it so if you have experience with c plus that's going to help you be able to kind of read it a little bit better and understand again you don't need to know how to program to be successful in cyber security but if you understand it you can look at code and you can quickly read it and by the way like as far as malware analysis goes like if you can't read code you're not going to know what the hell it's doing like your best you can do is just drop it in a sandbox detonated and hope that the system tells you what it's doing so um i would definitely encourage you to check out c plus plus there's also um c plus plus helps you understand kind of the executables and binaries but i'd also if you're going to go as far to learn a programming language i'd also encourage you check out python that's a very very popular language for cyber security professionals for writing tools and stuff like that so you can use that um skill to to kind of enhance your capabilities uh depends on real estate oh so you're all coming up as linkedin user to me so i guess maybe there's names where you guys are but depends on real estate iot security home networks techs everywhere in the home oh that's a good point so i was thinking about securing real estate as a industry not as selling to your customers and client base so whoever the user is that commented on this great great suggestion the perspective is different i was thinking of real estate as an industry um emerging now with cyber security so thank you thank you i'm also moving at like a million miles an hour and trying to produce this video at the same time i'm changing careers because of covet 19. yeah i'm sorry jordan it sucks i have no work experience in cyber but a lot of technical knowledge that's huge should i start my own consultancy pen testing company since no one will hire me huh no one will hire you that's interesting that sucks um so i mean the short answer is absolutely i mean if you could start a company and get people to uh hire you to do work and you can you feel competent to be able to do that work uh you're not grifting them then hell yeah do it go after it and i hope i hope the absolute best for you um i will say since you said pen testing i'd also like to highlight bug bounties which is a uh basically it's it's basically finding bugs like doing pen testing and finding security vulnerabilities and then coordinating through a third-party platform like hacker one or bug bounty to coordinate with the clientele of whoever it is you found the bug in and they pay you for finding those bugs so there's an opportunity there for you to like get a side hustle using those pen testing skills and um and be able to like you know get paid if the consultancy thing kind of starts off slow right and you know depending on on how it goes you know you could you know it may not matter you might just crush in the consultancy but having those multiple revenue streams is probably going to give you a little bit um more comfort all right so we've got let's see thanks for the clark link so thank you uh for sharing the clark link um it looks like a lot of people are getting excited about the clark link um all right so i i don't know if joseph was the one who shared the link or not but um it looks like those are all the questions we're down we went long we got an hour and a half um again you know i i really want to give um special thanks um to davina for asking me to do this i want to give special thanks to all of you for staying with me for this whole live stream and engaging with me i love this field i love talking with all of you and i hope you got value out of this and i hope you can feel confident um getting into cyber security now you have the tools to understand how to overcome the barrier of not having experience yet okay um looks like we got one last question here from maloney what's your idea on the gx sans certs gcis sockwork so i will tell you that sans courses are wicked expensive like eight thousand dollars if you can get your employer to pay for them go for it they're excellent they're really well respected and recognized their instructors or top notch experts in the field they're just wicked expensive so if you can get it get it they're all good the sans ones are good no thank you davina you're the best um yeah i i couldn't see your id um oh okay yeah i'm sorry it's just all it's just all there hey um for anyone that's on linkedin connect with me on linkedin i accept all comments dms are open if that's a thing to say um and i will engage with you i love talking about this stuff so um hit me up uh or check out my youtube channel i do post content every monday because i love it um and we'll do that so davina asked if i do this every thursday i was i was doing a live stream every thursday to complement my monday youtube video that was produced content uh but uh like with with work i'm actually applying to become a ciso uh at my employment and my work commitments and my personal commitments are so uh heavy at the moment that i'm unable to do the live streams but this this was uh for nist cyber security career awareness week uh and i've got so much uh gratitude for what nist has done for me in my career so i absolutely had to do this when you asked me okay well thank you all right everybody thank you so much have a great evening have a great weekend uh and you know take care and best best wishes to all of you
Info
Channel: Gerald Auger - Simply Cyber
Views: 84,789
Rating: undefined out of 5
Keywords: cybersecurity, no experience, how to get a job in cybersecurity, soc analyst, cybersecurity for beginners, cybersecurity 101, free cybersecurity resources, NIST NICE, cybersecurity education, cybersecurity job, cyber security, how to get into cyber security with no degree, careers in cybersecurity, learn cyber security, cyber security careers, cybersecurity careers, livestream, cyber security career, how to get a job in cyber security, cybersecurity jobs, cysa+, tech jobs
Id: 4d-qmWLt90E
Channel Id: undefined
Length: 84min 26sec (5066 seconds)
Published: Fri Nov 13 2020
Related Videos
Top 5 Cybersecurity Certifications for Beginners - Massive AMA
Gerald Auger - Simply Cyber
3.5K
Top 5 Mistakes People Breaking Into Cybersecurity Are Making
Gerald Auger - Simply Cyber
8.4K
Let's Land Your First Cybersecurity Job
Gerald Auger - Simply Cyber
3.4K
5 Entry Level Cyber Jobs You Need to Know About
Gerald Auger - Simply Cyber
38K
Ex-NSA hacker tools for real world pentesting
David Bombal
212K
Network Security 101: Full Workshop
SecureSet
1.7M
Required Cybersecurity Skill: Understanding Basic Networking Concepts
Gerald Auger - Simply Cyber
12K
Before you work in a SOC, Watch This. w/SOC Expert Brandon Poole
Gerald Auger - Simply Cyber
14K
Vets into Cybersecurity with No Experience!
Gerald Auger - Simply Cyber
2.7K
How to get your first Cybersecurity job
David Bombal
63K
Don't Talk to the Police
Regent University School of Law
16M
All The GRC Analyst Job Answers YOU Want
Gerald Auger - Simply Cyber
1.7K
Why Cyber Security is Hard to Learn (Tips For Success!)
Cyberspatial
485K
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.