In the grand wrap-up of season two of the podcast ‘Your Cyber Path’, hosts Kip Boyle and Jason Dion reflect on their four-year podcast journey. They also reveal that for the time being, there won’t be a season three as originally planned.
Several factors have influenced this decision, the primary being their venture Akylade – a cybersecurity certification organization. They’re also experiencing increased demand for their time and energy due to factors involving Akylade and other projects. However, they highlight the intention of potentially doing a third season in the future based on the feedback and demand received.
Kip Boyle will continue to mentor notes but change the frequency from weekly to monthly. Jason Dion urges listeners to check their cybersecurity course, ‘Irresistible’ on Udemy.
They greatly encourage listeners to stay in touch and seek guidance on cybersecurity careers through email which is available at yourcyberpath.com.
Kip Boyle:
Hey everybody, welcome. This is Your Cyber Path. We’re the podcast that helps you start a career in cybersecurity or accelerate the one that you already have. I’m Kip Boyle, this is my co-host, Jason Dion. Hey Jason. How’s it going?
Jason Dion:
Hey, Kip. It’s great to be here again as we wrap up season two.
Kip Boyle:
Yeah, that’s right. That’s what we’re going to do today. We’re going to talk about the end of season two, and more importantly, we’re going to talk about what’s going to happen next. So actually this is a big deal. So first though, before we get into the news about what’s next, let’s spend a moment and recap where we’ve been because guess what? This is a podcast that’s reached episode a 116 and we release every other week, which means that four years is what, as this has all added up to, it’s taken us four years to get to this point. Now we’ve released our first, Your Cyber Path episode in February of 2020, which is mind-blowing to me because that was right before the world changed. The pandemic really became a thing. Quarantines were really starting to happen. People were really starting to get sick and unfortunately layoffs. The hospitality, the travel industry, all of these jobs and companies that were extremely face-to-face, restaurants and so forth, absolutely decimated.
You can see it if you go and look at the numbers. And unfortunately, that led to a lot of people in the cybersecurity career field losing their jobs overnight practically, and people who would probably never have been released from their employer because they were performing very well or maybe even amazingly, were suddenly out of a job. These are people that would never have been released, and the people that had to release them were really unhappy about it. Now, for folks who are listening, who started to listen to our episodes back then, what we were saying is, look, this is really difficult. Not only do you have challenges with interviewing and showing up to start a job, but now you’re competing with all these incredibly experienced people who suddenly found themselves on the street in thousands. And so it was pretty bleak to be honest with you.
And guess what? Here we are in the February, March timeframe when we’re recording and releasing this episode, and it’s not exactly the same, but it feels similar because there’s a lot of tech layoffs going on because why? Well, companies, especially tech companies really ramped up during the pandemic because the shift of spending was away from in-person things to do and it shifted to stuff. And so Amazon and all these places, Apple, started going gangbusters in terms of selling their products and they staffed up and now demand has returned to more normal levels, pre-pandemic, and now they’re releasing people.
Jason Dion:
I think you missed a key part there. You just said bad and bad, but you forgot about the greatness in between, in 21, 22 and 23, because of the pandemic, there was this huge shift from everybody has to work in the office. So the initial three to six months of the pandemic, everyone pretty much got laid off. Everybody’s like, stay home. We don’t know what the heck we’re doing. After about three months, companies started going, well, we can’t stay closed forever. So they started doing a lot of remote work and that created a lot more jobs for us as IT and cyber security professionals. And there’s this huge boom where basically anybody with a pulse was getting a job, and so they overstaffed. And then now in late 23, early 24, you started seeing a lot of tech layoffs, because they’re starting to go back. It’s not that there’s a problem in tech. A lot of people are like, Oh my God, the tech industry’s failing.
It’s not, we’re just going back to a normal level, and in about six months you’re going to see this level off again. We’ll get back to what a normal level should be. So I just want to point that out.
Kip Boyle:
I agree.
Jason Dion:
Way Kip presented, it sounded like bad, bad, bad. Like, Oh my God, I’m getting out of the cyber realm. It’s not that. It goes to the cycles. And when you’re in and you’ve got a couple of user experience, people who got, as Kip said nicely, released. I could tell you’ve been working in HR for a long time, Kip, okay, the fact you said released, okay. Let me translate for everybody else, fired. People got fired, they got let go, they got laid off, they stopped getting a paycheck, and the investors on Wall Street said, Woo-hoo. And the employees go, Oh, that’s what happened. So released is a nice way of saying all that, but they got released.
Kip Boyle:
I don’t even know why I said released because I know there were a lot of team leaders who didn’t want to do it.
Jason Dion:
Yeah.
Kip Boyle:
It’s like, Ah.
Jason Dion:
Yeah. And it wasn’t firing because they were bad, it was firing because at the end of the day, to the employee though, they got fired, they stopped getting a paycheck. But you’re right, it was more of a release because they had to get down to normal levels. We used to say in the nineties and 2000s, they were laid off. We were right sizing. It’s all these colloquial terms that really just mean the same thing. You don’t have a job anymore, bro.
Kip Boyle:
You’re absolutely right. And in no way was I trying to diminish personal pain that people were feeling for that, for being laid off, for being fired, for losing their jobs. But at the same time, I also felt like it was an unusual situation. That’s not typical in our history to have that happen. I still think of it as a bit of an aberration. Now, one of the reasons why I wanted to do that recap is because I wanted to say that if you find yourself today in a situation that closely resembles what the world was like in 2020 when we first started this podcast, guess what? Everything we said is still relevant. Everything we said is still going to help you. So go back and listen to those episodes because Jason and I really work hard to create evergreen content. We don’t want the episodes that we release to go stale so quickly and not be useful. Anyway, so I just really wanted to acknowledge that we’re in a difficult time.
Lots of great things happened, of course, Jason, you’re right. Some other really great things happened too. The prevalence of remote work is up and it’s going to stay up compared to the way that it was before, which is wonderful. The fact that so many workforces are now remote means they need more cybersecurity than ever, which as you said, increases demand for more cybersecurity professionals. So it’s your typical good news, bad news situation. But anyway, so that’s the recap. That’s where we were, this is where we are. And did you want to say anything else, Jason, before we start talking about what’s next?
Jason Dion:
Yeah, I was just going to say as we move forward, you can always go to yourcyberpath.com and you can always get access to all of the old episodes. As Kip said, this is episode 116. We’ve been doing this for about four years. This was season two. Season one was Kip, and then Kip and Wes, his former co-host. And since around episode 55, so about half of it was Kip and Wes. Half of it has been Kip and I. And throughout all that content there was, we talked through the pandemic, we talked about the rise, we talked about the recession that was upcoming. We talked about the slowdown in the economy.
And so no matter what you have as far as if it’s a good times or bad times, we’ve got episodes that cover all that, as well as just episodes that are great for you in your career of what jobs should you want, how can you get those jobs, how do you work your resumes, how you do your interviews, all that kind of stuff is stuff we’ve covered over that 116 episodes, which is about 50 hours of us talking about stuff in the cybersecurity realm. It’s a lot of content.
Kip Boyle:
Yeah. And it’s timeless. We’ve gotten some feedback too, that people are saying, well, I’m not in cybersecurity and I’m not trying to get a cybersecurity job, I’m in tech. And most everything you guys say is still helpful to us. So I’m super happy about that. That’s fantastic, and I hope people continue to benefit. So what’s next? Let’s talk about what’s next. So season three, so Jason and I sat down and we said, what do we want season three to be? And we talked about everything that we had done to this point. We talked about everything that we thought we wanted to say to you next. But one of the things that we realized as we took stock or inventory of all the episodes that we’ve created so far is we’d actually said almost everything that we set out to say. And so then it was like, well, now what do we say? Do we rehash some stuff? Do we go back over old ground? What is there new to say?
And you know what? There’s always new stuff. So we’ve got the rise of artificial intelligence based interviewing platforms. We’ve got AI based this, and AI based that. The very nature of cybersecurity work constantly changes depending on the technologies that are out and available, the types of attacks that are going on. Cyber crime continues to get more and more pronounced. It’s not going away anytime soon. It’s only going to get worse. So there’s no lack of things to talk about in general. However, we do have competing interests. So that’s where we started looking at, well, what are the demands do we have on our time?
Jason Dion:
And before you get into that Kip, I just want to point this out to the audience because I don’t know if you all have been this way, but I recently have been extremely stressed out because I feel like everyone is competing for my time. There’s only so many hours in a day. And what I have been learning is that when I say yes to something, I’m saying no to 10 other things. If I say yes to this podcast and that takes two hours every two weeks for us to film and write and do this and edit and all that kind of stuff, that’s two hours that I’m not getting in other work that I need to do. And I know Kip, you’re the same way, and I won’t put that out there for everybody else because sometimes we feel like we say yes to everything. Oh, I should get a certification. I should take this job. I should work with Boy Scouts, I should work with my church. I should do this, I should do that.
And you look up, you’re like, Oh my God, I have zero time for myself to do anything, and you’re just running from one place to the next. And that’s where I got recently. So that’s why I am slowing down a little bit and trying to slow things down. I know, Kip, you’re getting overwhelmed with the millions of things that we’re working on. And one of the big ones that you and I have been focusing on is Akylade, which is the certification company focused on cybersecurity certifications, specifically the NIST Cybersecurity framework was the first set of certifications. And we’re working on the second set now, and we’re working with the advisory accounts and all that. And I know you want to talk a little bit about Akylade, but that is where we’re going. I just want to point that out to the audience is when you say yes, you’re also saying no to other things. And a lot of times we don’t think that way. And I know me personally, I just want to say yes to everything. And that becomes a problem.
Kip Boyle:
Yeah. I fall into the same pattern or behavior and especially early in your career, you want to say yes to everything because you want opportunity, you want growth, but yeah, at some point you’ve got to look around and say, have I said yes to the right stuff? And I think any astute listener at this point knows where this is going. We’re now going to explain to you why season three isn’t going to happen the way we originally thought that it would. And we’re going to tell you what’s going to happen instead. So Jason and I are busy building a new company together called Akylade. Akylade’s been out there for a year now, and it’s going really well, and we really want to see Akylade succeed. Now, how did Akylade come around? Well, it came around because of this podcast in part, we’re out there trying to help people get cybersecurity jobs and accelerate their cybersecurity careers.
And guess what we figured out? Cybersecurity hiring managers are in big trouble. They’re struggling as much as you are. It’s maybe difficult for you to see that, but it’s true. And as we talked to them, and I went on a countrywide tour in the fall, I went to six cities and I went to the SecureWorld conferences and met with cybersecurity hiring managers in all those cities. And even before that, I’d been working with them. We have released an open source project called the Cybersecurity Hiring Manager’s Handbook. And it was designed to help them, but what we found out is that their needs are really, really deep. And so that’s a big reason why we formed Akylade.
And so we really want to help you by going and helping hiring managers, is what it comes down to. So we’re still in this business, it’s just that we’re going to divert ourselves into a different direction and we think that you’re ultimately going to benefit from it. Now, that was one reason why Akylade began. But Jason, that wasn’t the only reason. Do you want to talk at least a little bit about what did you see going on in the marketplace that also made you say, I think there’s room for another certification organization?
Jason Dion:
Yeah, so Kip comes this from the hiring manager side. I come to it from the student side, and I’ve trained 1.8 million students over the last seven years for their IT certifications across things like CompTIA, Linux Professional Institute, IDOL, PRINCE2, PMP, and many, many others. We teach 30, 40, 50 different certifications. And I’ve seen there’s a lot of problems with a lot of them. And if you just take a look at things like, let’s talk about ethical hacking. There are three main certifications for ethical hacking out there. You have PenTest+, you’ve got CEH, and you’ve got OSCP. And all three take a vastly different approach to the certification. If you go with CEH, it’s all multiple choice questions. And then if you want to do their expansion module, there’s a hands-on lab part that you can become, it’s called a CEH practical. And so they done this.
They were getting complaints because they were only doing ABCD and you can’t really test everything in ABCD. So then they created a lab, and that was really in response to the PenTest+, because when PenTest+ came out, they had questions, but they also had the lab environment with the PBQs, the simulations at the beginning of the exam. So that’s why CEH said, okay, we now have this CEH practical, and both of them were trying to compete with OSCP, which is the Offensive Security Certified Professional from the makers of Kali Linux and Metasploit. And they are focused on hands-on. So when you take that exam, it’s a 24-hour lab-based exam. There’s no multiple choice. It’s all hacking and then writing a report. And what I saw is I looked at that one example and I looked at this across multiple different other areas, is that in the ethical hacking space, at least you have a choice of three different areas where there’s a knowledge-based exam, there’s a knowledge with some skill, and then there’s just a total skill-based exam. If you look at CEH versus PenTest+ versus OSCP.
Now the big problem is OSCP great, but it’s not recognized by DoD. So if you’re trying to go for a DoD contract job, you got to go CEH, you got to go PenTest+. But then on top of that, you probably want to get OSCP to show you can hack. So what we did when we started looking at Akylade was we started looking at a lot of areas that either didn’t have certifications or had only knowledge-based certifications or had things that were certificate courses but not certifications. And there is a difference between a certificate and a certification. We could talk about that if you want to Kip. But basically the bottom line is as we looked at this industry, we started saying, okay, we don’t want to be just another me too coming. Let’s do another CEH type certification and compete with CompT and CEH and OSCP. That’s not our business. We don’t want to do that. There’s no reason for us to do that. There’s already three out there. Pick one of those.
We wanted to go to areas that were not being covered adequately in the marketplace. And a great example of that is our first set of certifications, which I know you want to talk about, which is ACCRF and ACCRP, which stands for the Akylade Certified Cyber Resilience Fundamentals, and the Akylade Certified Cyber Resilience Practitioner. And you’ll notice that both of them start with the same beginning and then they change the end, which is Foundation or Practitioner. And this is the way we are doing all of our certifications. For every topic area, there’s going to be two certifications. There’s a fundamentals or foundation level, which is really a knowledge-based exam. It’s ABCD, it’s level one, level two of the Bloom’s taxonomy. So do you know your terms? Do you know your definitions? Do you know your life cycles? In the terms of NIST, do you know the five functions and do you know what it means when we talk about the different levels inside of it and all those kinds of things?
If you read the NIST Cybersecurity framework, PDF, which is 55 pages from NIST, you’ll be able to answer every question on that exam. It is a knowledge-based exam saying, I know the NIST Cybersecurity framework. Hire me. I’m good. I can speak the language and work with the team. I’m ready to be a part of your team. The second level is really where we make our difference, and that’s where we go into the practitioner. And the practitioner exam is based on all real-world case studies and examples from companies that we have seen and consulted with. We as the subject matter experts, not just me and Kip, this was done by a team of 50 different subject matter experts to write these exams. And we went through this whole process and we can talk about that if we want to, but I think we’ve talked about before the show as well.
But the idea is in the practical, you’ll read a half a page to a page about a company and what they’re experiencing and then you’ll say, well, as a cybersecurity professional consultant here helping you, I think we need to do A, B and C based on that. And these are all multiple choice, but you’ll be answering those multiple choice based on these longer more in-depth case studies. You look at that from a Bloom’s taxonomy perspective. We’re really talking at level three, level four, which is analyze, synthesize, discuss, and really putting your knowledge there so that if you hold this certification, we want hiring managers to go, Oh, Kip is a CCRP. He knows what he’s doing. He can be our consultant for anything that’s cybersecurity framework related. And that’s really what we’re focused on in those two certifications.
Kip Boyle:
And not just an external consultant. We are using the term consultant because quite frankly, some of the best cybersecurity teams, internal teams, behave as internal consultants. We’re helping people make good cyber risk management decisions, good cybersecurity decisions on assets that they own, that they’re responsible for, that we don’t own, we’re not responsible for. Our job is to advise. Our job is to guide. And so that’s one of the reasons why we’re taking the approach that we are. Now, OSCP is highly respected by hiring managers because it’s so practical, it’s so hands-on and it’s rigorous, and we want to do the same thing. We want rigorous certifications that hiring managers are going to trust. Now, if we’re successful and they trust them, then that means if you get them, you are going to have an edge in the hiring process because they’re going to see that you’ve got ACCRF, ACCRP, and they’re going to put your resume at the top of the pile because they know that Akylade, the way that we test people is rigorous. And it means that if you pass that you actually can solve problems on the job.
Anyway, so that’s-
Jason Dion:
Yeah.
Kip Boyle:
… right, Jason?
Jason Dion:
Yeah, the last thing I just want to say is I did mention certificate versus certification, and I’m going to talk about 60 seconds on this just to let people know why this is taking so much of Kip and I’s time. Give me two minutes then, let me go for 120. Ready? And ready, set, go. Okay, so the difference is when you get a certificate that is saying you completed something, so there is somebody else out there already, there’s another company that does do training on the new cyber security framework, and you can get their certification will say, you are a certified blah, blah, blah, whatever. And really the way you get that is you have to take their training, you have to take their class, and then at the end of the class they go, congratulations. Boom, you are now certified. That is a certificate. That is a certificate of completion, it’s not a certification.
A certification is something that is created not by the company who is selling it directly, but with a team of experts. So when we went through this process, we had to go through this nine step process where we had to bring in all these experts and we had 50 different hiring majors come in and they came in and said, okay, if you were hiring somebody be a NIST cybersecurity consultant in your organization, what do you need them to do? Well, I need them to do risk management. I need them to know the five pillars. I need them to know the tiers. I need them to know this. I need to know them that. All these things. And they came up with a list of four or 500 things. Then we had to send that out to another group of 50 to a 100 hiring managers, and they ranked them what is the most important. And then the top 100 things are the things that made it into the certification, that made it into the textbook.
And then when it came to question writing, it wasn’t Kip and Jason saying they’re writing all the six, 700 questions. We had a team of folks that were SMEs in the field that know this stuff, and they came in and wrote all the questions so that it’s not the guys writing the textbook, writing the questions, who are grading the exam. And so each part is independently done. Each part is independently assessed. And as we go through that, we’re also going through the ISO compliance process. So we become an internationally recognized standard, and that is about a year process. We’re already working our way through that. And that is something that is very time-consuming as well and taking up a lot of our time, because without that, we are not going to be the industry recognized certification that you want it to be if you’re getting that certification. Otherwise, it’s just a certificate of completion and people don’t know what it is and they don’t care.
And so in that case, you’re wasting your time and… You’re not wasting your time, because you’re still getting good information, but if it’s not fully recognized and certified and done that way, it’s not as valuable to you when you put on your resume. And that’s what we’re working towards is to become another CompTIA, another ISE Square. When somebody sees CISSP, they know what that is, when they see Security+, they know what that is, and that’s the goal for CCRF and CCRP plus the other certifications we do. So just wanted to take a step back there, but that’s another competition for our time because it does take a lot of Kip’s in my time with our roles in Akylade.
Kip Boyle:
Yep. It does, and we really do want to have a certification organization that is high quality. That’s the term that I would put on everything you just said. We are going to be high quality, we’re going to be accredited. It’s going to be like the difference between going to a schoolhouse on the corner of your local town versus going to an accredited university. It’s not that you can’t learn from either place, but a lot of it really has to do with the quality of the instruction and how the material is put together. And, of course, what do other people think of it? Because that’s really important. The reputation is very important.
Jason Dion:
Because if we wanted to make this just a certificate, I could have just created a URD uncertified slap and then off you go and it would take me five minutes, but that is not what we wanted to do. We wanted to create this industry level certification that’s recognized around the world.
Kip Boyle:
So we wanted to take the time now, and thanks for sticking with us as we did that, to explain to you why we’re not going to do a season three of Your Cyber Path at this time, and why we think that we’re still thinking about you as we go in this direction. Now, many of you know that I write a bi-weekly email, about 500 words long. It’s called a mentor note, and my goal with that is to bring something to you that I think will help you be successful. And same way that we have with the podcast, but in this case, it’s just me writing something and inviting you to talk back to me. That’s one of the great things about email is that you can’t reply and you can tell me what you think of it, whereas in a podcast, it’s a little more difficult, a little more friction for you to figure out what’s Kip’s email address? I really want to say something in response to that podcast.
So I’m going to continue to write mentor notes, but I’m only going to do it once a month as opposed to every other week because there is still things I want to say, I still want to help you and I still want to share with you valuable insights that a hiring manager has to share with you. And by the way, that’s how this thing all started. I don’t know if I said that, but in case you don’t know, the reason this all started is because I kept getting asked over and over and over again in very impromptu ways, Hey Kip, you’re in cybersecurity. My son, daughter, niece, nephew, brother-in-law, whatever, they want to get in cybersecurity, how should they do that? And I did my best to give them off the cuff answers, but I never felt really great about the quality of what I was saying and I never felt like I said enough. And so I decided one day I’m just going to go look for somebody who’s already out in the world talking about this the way that I would and I couldn’t find anybody.
Jason Dion:
That’s what I did, and I found Kip, because I came at this about a year later.
Kip Boyle:
Yeah. So I said, all right, fine, I’m going to do this because there just isn’t anybody else out there talking about it. And then here comes Jason. And because he wanted the same thing, he had all these students, they were trying to get jobs, they wanted his best thinking on the subject, he didn’t have time to do it, so he went out looking for somebody and thankfully we got connected and now we’re doing some great work together. So anyway, mentor notes. Listen, if you’re not already subscribed to my mentor notes, I want you to go to yourcyberpath.com and I want you to sign up because I still want to help you. I still want to talk with you and I still want you to tell me what you are struggling with. All right. So even though we’re about to take all this energy and effort and put it into another direction, I’m still going to do the mentor notes. Now, are we ever going to get back to a season three for Your Cyber Path on a schedule similar to what we’ve been on? Jason, you want to tell them what we’ve decided?
Jason Dion:
I would say the answer to that is maybe, but we don’t have a date for that yet, and it may come back, and this really depends on you all the audience and what you want. If we start getting flooded with emails tomorrow, then everybody’s like, Oh my God, you guys are going away. How dare you. We may reprioritize and do it, maybe it’s a monthly episode or something like that, but we’ll figure that out as we go. In the meantime, what we’re doing is we are taking a pause so we could focus on the other thing because Kip and I were really busy and one of the things we had talked about was possibility of Kip just doing season three by himself, or Jason just doing season three by himself. So it didn’t take both of our times, and ultimately we were both just so busy over the next three to six months, we decided we’re just going to take a pause completely and then we’ll look at reassessing this in about three to six months and figure it out from there.
In the meantime though, if you email us and you say, Hey, I really would’ve liked it if you guys covered X, Y, Z topic and we look and we’re like, Oh, we already have that. Here’s an episode, go listen to episode 55 or whatever it is, or if we look and we’re like, Oh, we didn’t cover that, then maybe we’ll get together and put out a special episode in the feed. It just wouldn’t be necessarily season three where you’re going to expect it every two weeks the way you have with season one and season two. And then the other thing we talked about is if we’re doing seasons, one of the things we’ve been looking at is moving forward is doing shorter seasons. So originally when we talked about season three, we’re talking about eight to 10 episodes, which would basically be three months of content or four months of content, and then we move on to the next one.
So those are things that we’re thinking as well as we move into seasons either around topics of collection of episodes like, Hey, we’re just going to talk about for the next 10 episodes this thing, or we’re going to talk about that thing. So that’s what we’re looking for is again, feedback from the audience helps us know which direction you want. But right now for the next three to six months, Kip and I are both underwater, so I would expect intermittent episodes to answer those questions as opposed to just another full season three right now.
Kip Boyle:
Okay, good. I think that’s exactly what we agreed to do, so I don’t need to add anything to that, just acknowledge that, yep, that’s right. So as we wrap up this episode, let’s talk about next steps for you. We’ve already told you what our next steps are, but we want to encourage you on a couple of things. First, I just want to say again, if you’re not signed up for the mentor note and you’d like to get it one month or one per month going forward, go to yourcyberpath.com. By the way, we’re going to leave the website up. All the episodes are still going to be out there. All the transcripts to all the episodes will remain. That stuff’s not going anywhere anytime soon, but get signed up for the mentor note. Another thing that you might do, and I think this is optional depending on where you are now and where you’re headed, but I write another email called Inflection Point, and the Inflection Point is designed for people who really want to see the big picture of what’s going on in the world with respect to cybersecurity and cyber risk management.
Now, if you are a big picture person, if that will help you do your job, then I want you to go to cr-map.com, cr-map.com, and I’d like you to sign up for Inflection Point, and then you can tell me what you think about what I’m writing over there. Now, CCRF, so Certified Cyber Resilience Fundamentals, that test, that exam, that certification is generally available, so go take it. You might as well go take it. You know you’re going to need it. The whole world needs cyber resilience, and so I want you to seriously consider going and getting it. Just go to Akylade.com, A-K-Y-L-A-D-E-
Jason Dion:
… A-D-E.com. A-K-Y-L-A-D-E.com. Akylade.com. The other thing I always say about that is that test is based on the book called Mastering Cyber Resilience that you can find on Amazon, and that book was written by myself and Kip. And even if you’re not going to take the certification exam, you may want to check out that book because it goes through the entire NIST Cybersecurity framework and where they cover it in 55 pages, we take about 250. And you’re like, whoa, why do I want five times as many pages? Well, the reason is, the reason that most people don’t use the Cyber Security Framework is they don’t know how. The framework itself is a framework, which means they tell you what needs to be done or why it needs to be done, but they’ll tell you how to get it done, and our book goes and breaks that down. I would say we break it down Barney style.
So if you know Big Purple Dinosaur from the ’90s and 2000s, we try to make it as easy as possible. We write at a ninth or 10th grade level and we give you a lot of explanations, a lot of examples, and how this can be applied in the real world to your organization or organizations you’re consulting with. So definitely recommend that, very inexpensive book. I’m not just trying to sell you a book, I’m just trying to get you the information you need. If you decide to take CCRF or CCRP, that is the textbook for those. It literally covers everything you’re going to need for those two exams.
Kip Boyle:
Yep. And then once you get your fundamentals certification, by that point, we think that the practitioner certification will be generally available. So I’d like you to consider to go get that as well. You don’t have to buy another book or any other preparation materials. Everything you need is either in Mastering Cyber, Resilience, the book Jason just talked about, or you can go and download the NIST Cybersecurity framework publication, which is free from the National Institute of Science and Technology, Standards and Technology. What do I think this is, Vulcan?
Jason Dion:
National Institute of Standards and Technology. That’s correct.
Kip Boyle:
All right, so now one more suggestion for you before we wrap up. Jason and I have taken everything that we know about how you can stand out as a candidate in the hiring process. Not only have we released it in all the episodes of the podcast that we’ve done, we actually have condensed it and turned it into a standalone course over at udemy.com. It’s called Irresistible. And of course, the point is to make you irresistible to cybersecurity hiring managers. You can go listen to all of the podcast episodes, all 115 of them, and you’ll get as much or more from doing that, or you can go spend a few bucks and you can get the Irresistible course, which will give that information to you in a highly condensed way. Also, it’ll give it to you in a very serialized way where every lesson’s going to build on every other lesson, and it’s just way more convenient.
And we know sometimes people like, Hey, I just want to get through it as fast as possible. I don’t want to mess around with doing podcast episodes, whatever, whatever. So if you are that kind of a person, I want you to go over to Udemy. I want you to check it out. It’s very highly rated. We have got lots of satisfied people that have gone through it, and you really ought to check that out. Now, Jason, if they want the best possible price on the Irresistible, would you tell them how to do that?
Jason Dion:
Yeah, the best way is just go over to diontraining.com/Udemy, which is my website, and they can also go to yourcyberpath.com/Udemy. Sometimes we forget to update the code there because we don’t have a full team, but diontraining is always updated. But if you go to diontraining.com/Udemy, you’ll see the Irresistible course there with Kip and my smiling face. Just click on that button. It’ll open up Udemy in a new window, and it’ll always give you the lowest price. Generally, you’re going to pay between $10 and $15 for that course. It’s around five or six hours of content. And as Kip said, we break it up into a very structured method. So we start out with where do you find these jobs? Where do you figure out what job you want to be in because there’s 30 or 40 different jobs in the cybersecurity realm, and we walk you through that.
Then we say, okay, now that you’ve figured out what you want to be, where do you find jobs with that title? And we show you how to do that through LinkedIn and Monster and Dice and all those kind of things. Then we go into how do you write your resume for that specific job? Then we go into how do you do your interviews? Then we go into how do you do your negotiations? And then we go into how do you survive and thrive in your job the first 90 days and setting up your plan for the next three to five years inside of your career. And all of that is covered in about five to six hours of videos. We’ve got templates in there for your resumes, all that kind of stuff. It’s a really great course for 10, 15 bucks. It’ll really set up for success either to get into the cyber industry or be able to go into your next level in the cybersecurity and try to get that promotion or that job.
Kip Boyle:
So there you go. I really recommend it, and if you try it out and you absolutely hate it and you think it’s the worst thing ever, you can get your money back. Right, Jason?
Jason Dion:
Yeah, Udemy has a 30-day money back guarantee, so if you’re not happy for any reason, just go into your account and say, refund my course. They give you the money right back. So it’s not a problem there. The last thing I wanted to cover, because I know Kip went through his whole list as we wrap up this episode, is if you want to reach out to us now or in the future, there are two great ways to reach out to us. The first way, just go to yourcyberpath.com/ask, A-S-K. If you go there, there’s a little widget inside of our website where you can record a voice message to us. It will transcribe it and email it to us as well as have the audio recording as well. And that way you can ask a question, and usually if you do that, you either get an email back from either Kip or I, or you’ll get an audio or video message back from Kip or I, depending on what’s the best way for us to answer your question.
If you have a question, what certification should I take next? That may be a very quick one word email, that’s fine. But if you’re saying, Hey, here’s my position and here’s what I’m looking for and what can I do? That may take me three to five minutes to speak, so I would just speak it instead of spending an hour typing it out. But either way, you’ll get a response directly from either Kip or I. The other way you can reach out to us if you have any suggestions of things you think we haven’t covered yet on the podcast that you’d like to hear, you’d like a special episode on something, you want to know more information about any of the things we talked about today, you can always reach out to Kip directly, at Kip@Yourcyberpath.com, and Kip does check every single one of those emails and those that he thinks I need to see, he shares them with me too. But he does check every one of those.
So if you email us at Kip@yourcyberpath or the yourcyberpath.com/ask, all I’m going to say is please give us a couple days to respond. We get buried in emails between our different companies and our students and our listeners, and so just give us 24, 48, 72 hours sometimes to get back to you. We do read every single one of them, but sometimes it does take us a little while.
Kip Boyle:
Yeah, we do want to hear from you, and that’s why we’re taking the time to actually explain how to contact us. Please don’t hesitate to do that. Despite the fact that we are changing directions here, people are important, so we do want to hear from you. All right.
Jason Dion:
And the other thing I’d love to hear about from the audience, if you have any thoughts on what we talked about, the certifications, we talked about the NIST Cybersecurity framework. If you’re like, Hmm, I feel like there’s a gap here. Why isn’t there a certification for this? Or why are certifications this way? I love to hear the student frustration and the candidate frustrations like, Hey, I took OSCP and I hated it because blank. Or I took it and I loved it because of blank. Kip and I would love to hear that. There’s nothing better for us as we’re building out this Akylade thing to hear it from both our hiring managers and those, because we have a lot of hiring managers in our audience that listen to us, as well as those trying to break into cybersecurity.
I know some of the complaints I’ve heard is it’s not relevant to what I do on a daily basis. It costs too much money. They want a thousand dollars for me to take an entry level exam. These are all things we’re addressing as we’re building out Akylade because we’re making it something that is being built by the cybersecurity community for the cybersecurity community. So we want to hear from you, and again, you can reach us at Kip@yourcyberpath.com with anything you want to talk about there, and he will share those with me during our meetings week.
Kip Boyle:
Absolutely. All right, I think that wraps up the episode unless there’s anything else, Jason.
Jason Dion:
That’s all I have. I just want to say thank you everybody for listening to Your Cyber Path, and this marks the conclusion of season two. You’ll hear from us again in a special episodes to answer any listener questions or feedback questions you have, as well as planning on season three for when that comes, and if you’re subscribed to this podcast, and if you’re not subscribed to this podcast, subscribe because when we come back, you’re going to want to know, since we’re no longer on the every two weeks sequence, but if you are subscribed, anytime we release an episode, it’ll go in your feed and you’ll be notified on your phone. So please do that and keep in touch with us. We’d love to hear from you. Other than that, thank you for joining us for the end of season two here on Your Cyber Path.
Kip Boyle:
Thanks everybody.
YOUR HOST:
Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!
YOUR CO-HOST:
Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.
Don’t forget to sign up for our weekly Mentor Notes so you can break into the cybersecurity industry faster!