EPISODE 112
Hey everyone. This is your CyberPath where the podcast that’s going to help you start your cybersecurity career, or we’re going to make it go faster if you’ve already got one. So welcome. I’m Kip Boyle. This is Jason Dion with me. Hey Jason. Hey Kip, great to be here once more. Yeah, this is, um, this is gonna be a great episode, because what we’re gonna do is answer listener questions.
So we’ve been accumulating these questions for a while now, and, uh, the problem is we have so much to say that we had to, like, Exercise a lot of self control and, and turn the mic over to our listeners. And so, uh, yeah, so we’ve got, I think, eight questions and we’re going to, uh, do our best to, to answer them.
So, uh, Jason, how should we do this? Yeah, before we get started, I just want to let everybody else know who’s listening. Thanks for listening. AFI. This is not your question and you submitted a question. I believe we’ve answered all the questions individually to those who submitted them to us. Um, but we basically chose our eight favorites to do on this episode.
And we’re going to basically read the, uh, question. Uh, I’ll read one to Kip. Kip will read one to me. We’ll give our thoughts and be able to give you the answers directly. If you want your questions answered as well, you can do that by going to yourcyberpath.com/ask. That’s A S K. Click on that link.
And in there, it will let you either type in a question or record a voicemail for us. In about 30 to 60 seconds giving us your question and that way we can give you an answer and generally it’ll be done as an episode like this or we’ll do a quick video and send it to you by email so you’ll get the answer quicker than waiting for us to do another one of these episodes in three months, six months, whenever it happens to be.
So I just want to point that out there. If you have questions for us directly, we don’t have a chance normally to answer individual emails as much as we would like. At least I know I personally don’t because I have Over a million students around the world, and I simply just can’t keep up with that demand.
But this is a way you can get a question answered by Kip or me directly in an audio or video format. So that being said, we’re going to kick it off to our first question, which is going to be one for Kip. And this actually comes from a Holoma who asked, uh, they are a novice in cybersecurity and where do they start from?
What materials do they need? Like basically, hey, I just heard about this whole cybersecurity thing. What do I do now, Kip? Uh, which is really a big question, right? Uh, but I know you’re gonna give us just a couple of big tips to start with. Yeah, this is, this is an enormous question, but I, I liked having this on the list because, I mean, that’s really why we’re here.
That’s what probably most people listening to this podcast for the first time are wondering is how do I get started? All right. So I, what I want to do is just give you a quick thumbnail sketch of what I recommend. Now, the first thing is you need to know what job you want. Really, everything that you’re going to do to answer this question for yourself is going to flow from knowing the job that you want.
And you need to know that job by title. And, you know what, the same job can show up as different job titles in different, uh, job postings. So, you know, be aware of that. Um, However, if you don’t know what job it is that you want, and you just know that, Hey, I want to get into cybersecurity because it’s hot and new.
And because I did the research and I realized that there’s so much demand for cybersecurity professionals. And, and I also learned that they work in, you know, like air conditioned, uh, you know, office buildings. And, you know, right now I, you know, maybe, maybe your job is, you know, you’re working outside, or maybe you’re working at a, You know, a factory or something, you know, kind of a hazardous environment, it’s kind of dirty and you just would like to go every, you know, every day to a clean office, whatever your motivation is.
It’s all fine, but if you don’t know what job you want, well, you got to get that taken care of. Okay, so we recorded an episode. A series of them, in fact. If you go back to episode 31, it’s called All the Jobs in a Large Cybersecurity Organization. Go check that episode out. And then there’s a, there’s a, a number of them after that, that focuses on different areas inside of that organization.
There are more jobs, uh, for people in cybersecurity than most people know. So Jason, what are the common, like, uh, you know, jobs that you hear people who want to get into cybersecurity Focus on all the time. Yeah. I would say probably the number one that I hear is I want to be a hacker, right? Or I want to be a pen tester.
I want to be an ethical hacker. Um, that’s probably the number one thing. Everybody thinks it’s cool. You want to break in. You want to be Mr. Robot. I get it. Uh, so that’s number one, right? The second one I think is pretty commonly known is a cybersecurity analyst. And even has the word cyber security right there in the title, right?
Um, but that’s essentially the defenders. So we have the attackers and we have the defenders. But then there’s a bunch of other ones out there, right? There’s IT auditors. There is, um, those people who focus on a specific area of auditing. For instance, I know people who are just focused on HIPAA compliance.
I know people who are just focused on PCIS DSS compliance. Um, I know people like you who work as a Cybersecurity consultant and you work with large organizations as a virtual chief information security officer, right? So there’s lots of these different jobs and I really like that you brought up the episode 31 Because episode 31 is called all the jobs in a large cybersecurity organization and you and your former co host West Actually went through I think about 15 or 20 different jobs in that episode and said, okay, here’s what a pentester does Here’s what a cybersecurity analyst does.
Here’s what an auditor does. Here’s what an analyst does. And you went through all these different roles as you went around the security operations, uh, watch floor and discussed what those things are. Then over the next, uh, 10 or 15 episodes, you spent one episode, basically 30 minutes to an hour for each episode, diving deep into that thing.
So if you start with episode 31, you’ll go. Oh, you know what? Pen testing sounds really cool. I want to learn more about that. And then you’ll find that’s an episode. I don’t know, 35 or 36, whatever it is. You can go listen to that and hear from a real pen tester. Uh, cause you guys had guests in that, that’s right.
That job on a daily basis. So you’d know what it’s like, because I can tell you, most people say I want to be a pen tester, have never been a pen tester because most of the people I hear who say that think that it’s like on, I, you know, Mr. Robot, where they’re going to do three minutes of research and boom, they’re in the Pentagon.
It’s not that way you spend, you know, 10 hours. To run a 30 second command to go, woohoo, I made it, right? But it’s not like you see in the movies. It’s a lot of preparation and it’s a lot of reporting and analysis afterwards too. And if you get into that role, you might be like, man, this is horrible. I hate writing reports.
I don’t want to do this. And they’re really not, and you’re not gonna really enjoy that job. So it’s important to understand what these jobs look like on a daily basis. So you know what you’re aiming for. Right. And I think the second piece of that, uh, and the second part of her question, uh, is really now that you know what job you want, what do you need to do to get that job?
Right? And so let’s say you decided you want to be a cybersecurity analyst. That’s the job you decided on, right? Well, to be a cybersecurity analyst, you probably have to go get your network, your network plus certification, your security plus certification, and your cyber certification, which is cybersecurity analyst plus certification.
If you have those three certifications, you’ll be attractive enough to a hiring manager to hopefully at least warrant an interview. And now it’s your interview to try to get a position. And the reason why I say hopefully is because it is really hard breaking into this industry if you have no experience and if you’re a career changer.
Once you’re in this industry, as Kip said, there are lots of jobs available. There are more jobs than people, but the problem is nobody wants to take a chance on an unknown. And we’ll talk a little bit more about that in our next couple of questions, because we have some questions around how do I get a job?
How do I get one if I don’t have experience? Where do I get experience? And all those kind of things. Um, so do you think we covered, um, you know, starting from zero? How do you get into cybersecurity? I think the best thing is identify the position, find out what employers are looking at for that position, and then start to work on getting those things, whether they’re certifications, experience, or a preliminary job like, hey, we only hire people who are already a system administrator before they become a cybersecurity analyst.
Well, then you need to become a system administrator first, right? And those are the kind of things we’re thinking about as part of that question of starting from zero. Thank you. Then the last thing I’ll add is, um, you know, Jason, you talked about what certifications should I get. Well, we did a whole episode on that.
It’s episode 55. So, if you’re Wanting to take more of a deep dive into, well, what are those certifications that Jason just rattled off? Well, go to episode 55 and spend, not even an hour, uh, exploring all the different certifications and how do you know which one you ought to get? And, uh, we, we cover that.
Okay. And before we go to the next question, the one thing I did forget to mention is anytime we say an episode number, like 31 or 55, to get to that, you can either go into your podcast player and scroll back in the feed. Or you can go directly to that episode by going to YourCyberPAT. com slash and the number.
So if you want to go to all the jobs in a large security organization, you’ll just go to YourCyberPAT. com slash 31. If you want to learn about certifications, you’re going to go to YourCyberPAT. com slash 55. That being said, Kip, what’s the next question? Perfect. Okay. So we have a question and I, and you know, I don’t know how to pronounce every name, but we really want to acknowledge the fact that these came from people who are listening.
And so I believe the name is pronounced Amin. It’s spelled A M I N and I think it’s Amin, but I’m not positive. So I’m going to go with that. So Amin said, I’m transitioning from a nurse to cybersecurity. I’m currently attending a bootcamp that will finish at the end of this month. Please, what advice can you give to me on landing a job without.
Any cybersecurity experience. Thank you. What do you want to say to, uh, Amin? Yeah. So, you know, this is one of the big challenges, right? And we just kind of mentioned this a little bit in the last question. Uh, and that is that, you know, hiring managers are afraid of people who don’t have any experience and how do you get experience if nobody will hire you?
And this becomes the catch 22 that we always talk about. So when I talk about this, One of the things I look at is, what are the three big things that hiring managers are going to consider when hiring somebody? Usually these come down to experience, certifications, and degrees. Um, you can’t control the amount of experience you have.
You either have it or you don’t. Um, now there’s some things you can do to try to gain some experience, but today if I said, What do you have in front of you? You have a certain level of experience today. You also have a certain degree, whether you have a bachelor’s degree or not, and you have certain certifications.
And when it comes to which of these is easiest to beef up or get additional fast, the quickest one is actually going to be certifications. Because if you want to get your Security you could spend the next week. You can go through my video course, you can go take the exam next Saturday, and you’ll be certified.
Right? Um, that’s how these things are done. If you can dedicate 40 hours, you can get Security Plus certified next week. If you can dedicate 40 to 60 hours, I can get you CISA Plus in the next two weeks. Right? And so if that’s your limiting factor of getting a job is you don’t have CEH, or CISA, or Security Plus, or whatever, Go get that done.
It’s not that hard. You can do it. It’s going to take a little effort, but you can manage it. The harder one is going to be the experience and the degree. And the degree is hard because it takes four years to get a four year degree. Or it takes two years if you do it through Western Governors. But it’s still a very long time commitment and a very expensive thing to do.
And you don’t always need a degree to get hired. A lot of times, they’ll accept certifications and experience. In exchange for a degree, uh, I know in the government contracting world, if I look at somebody who has a bachelor’s degree, they count that as four years of experience, even if they have zero experience to start with.
But if I go hire Kip and he doesn’t have a degree, but he’s got 10 years of experience, his 10 years trumps your bachelor’s degree because that’s more valuable to me. So keep that in mind as well. It’s not just about getting degrees. So how do we get experience? Well, the first thing I would tell you is As you’re starting to work towards cybersecurity, you need to get a job that relates to cybersecurity in some way, shape, or form, even if it’s not directly in cybersecurity.
So if you get a job working in a help desk, you get a job working as a network administrator or a system administrator, that’s fine. It’s not technically cybersecurity yet. But it’s still in IT and you’re still doing some things that relate to cybersecurity as opposed to you being a construction worker who’s building houses all day.
There’s nothing I can tie from that into cybersecurity, so that doesn’t count as experience. But if you’re working the help desk, you are doing some cybersecurity functions, and so those can count towards you and it starts that clock going. So what I usually recommend to my students is get a job in or around the cybersecurity space, something that can at least touch on it tangentially while you’re getting your certifications or your degree.
And that way, by the time you’re ready to get into cybersecurity, you now have a year or two of IT or system administrator experience that you can leverage, and you’ll be able to talk the talk and walk the walk as an entry level analyst. Because as an entry level analyst, nobody wants to take you if you have no experience whatsoever.
So you’ve got to get experience. Now there are some other ways you can get experience, and we’re going to talk about that in the next question. So I’m going to pass this one over to Kip, which this question actually comes from Zene. I think I’m saying that right. It’s spelled Z E N E. It’s either Zene or Zeny.
And they ask, uh, where can I start to find volunteer opportunities to get into cybersecurity as an industry? Are there any mentoring groups? Uh, that are going to, or meet up groups for beginners. And I love the way they ask this question because it means that they’ve heard episode 58 before. And episode 58 is, we talked about how do you get hired with no experience?
Basically, how do you start from zero? And this is really important because if you have no experience and nobody will hire you to get your experience, how do you get some experience? Kip, what are some good ideas to get experience if nobody will hire you? Okay. Well, first of all, if you haven’t listened to episode 58.
You need to go listen to it. I can’t possibly give you every little piece of, uh, valuable information in episode 58, but I will touch on a couple things now to get you started. So, uh, you know, there are a lot of organizations out there that cannot afford a cyber security analyst or, you know, somebody to help them figure out what they should be doing with their wireless network to keep, you know, uh, The people out who are not authorized and so forth.
So if you have an organization in mind that maybe you contribute money to, or maybe you contribute time to, or just, um, there’s a non profit organization in your area that you just admire, or you’d like to know more about, my recommendation is go and volunteer for them and tell them as, as, as you’re meeting them, you know, hey, I, I know about cybersecurity.
Do you have any need in that area? I would love to be able to help you with that. Odds are nobody has ever said that to them before and if they are already aware that they, that they need to be better, I would expect that they will be so enthusiastic about having your help. Um, and so that would be a way that you can, uh, that you can get some experience.
Now there’s another way that you can get, that you can get experience and, um, and what this involves is it, I’m, I’m assuming you know what job you want. Right? Because we just talked about that. So if you know what job you want, then start thinking about the problems that people who have that job are solving.
And then what I want you to do is I want you to create a project for yourself, where you’re going to build an environment in the cloud, is my, is my Preference, although you could do it with actual hardware in your, uh, office or garage or wherever you’re working at. It’s up to you, but I want you to build an environment where you can create those problems and then solve them using free tools, open source, whatever you can get your hands on.
And then what I want you to do is I want you to, on your resume, on your LinkedIn profile, I want you to create a special project where you can talk about how you, uh, went and built an environment where you could recreate the kinds of problems that you would have to solve on the job, and then I want you to write about how you did that.
I want you to describe The, you know, how did you build the infrastructure? Where did you get the tools? What were the problems that you set up for yourself? How did you go about solving them? And what this is going to do is put a really great, uh, uh, narrative on your resume, on your LinkedIn profile, and it’s going to show.
So many good things, not only that you have experience solving real world problems, but that you’re a curious person. I cannot teach you curiosity, but if you can demonstrate you have curiosity, wow, you’ve just shot up a red flare for me as a hiring manager, and I’m going to want to talk to you. So that’s another way that you can get experience without having to wait for somebody to give you the chance.
So those are two ideas, but episode 58 will give you even more. Yeah, a couple of things I want to piggyback on that as well. So, as you’re doing this project that Kip just talked about, right? Um, you can go into the AWS environment and you can put in a Kali Linux machine and you can put a Security Onion machine and you can then start doing attacks against some domain controllers and things like that and then be able to see what does that look like in Security Onion and how did you identify those things?
Now, while you’re doing that, I want you to blog about that. Go on Medium or go on LinkedIn and start writing an article about what you’re doing. Because those things now become calling cards back to you. Because I can tell you as an employer, whenever somebody is getting, once it goes through the ATS system, the Applicant Tracking System, and I as the hiring manager now have the five people I’m going to interview, the first thing I do is I actually Google their name and see what pops up.
And so if I’m Googling Kip Boyle and the first thing that pops up is this. article that he wrote on Medium about how he set up this pen testing exploit in that exploit and saw this and, and went through this. I now know you can do this work, even though you’ve never been
helps as well. I have a friend who his whole business is around. It’s a boot camp style. Company, where they teach people how to become game developers. And one of the things they do is they build portfolios of the games they built, and they write about it on Medium. And if they’re posting one or two times a week on Medium, those people usually within two months are being hired as a game developer, because now they have the skills from this bootcamp, and people know who they are because they’ve been blogging about it.
So, so, uh, that’s one of the things I would recommend. The other thing I’d recommend is you can also get involved in things like Capture the Flag activities because if you win a Capture the Flag, now you put that on your resume as, you know, I won the Jason Deon Cup 2023 Capture the Flag, right? And I was first place.
Well, that tells me not just do you know how to do this stuff, but you’re actually really good at it because you beat out a bunch of other people. Now, if you’re in a major Capture the Flag event, like the ones hosted at DEF CON, It’s going to be really difficult to be number one there, because there are such really good people.
But if you go over to ctftime. org, which is a website with all the CTFs that are available online at all times, I can tell you, I just pulled it up, and in the next two months, there’s about 30 different CTFs. And a lot of these are very small ones that only have five or ten teams of people, or 20 or 30 people playing.
And so the chances that you can get into the top three or four, it’s pretty high if you’re in one of those, right? And so now you could say, oh, I placed third place in the blank, blank, blank, capture the flag. No one’s going to look it up and see that there’s only 23 people in there. They just see that you were third and that’s good enough for them, right?
They’re just assuming there’s thousands of people in it. And you’re not lying, right? And you’re not lying. You’re not saying I was three out of a thousand. You’re saying I was number three. And if there happen to be three people there, you’re still number three, right? Um, and so that’s another way you could do it.
And then the third thing I would recommend is you can volunteer at places like Kip said, uh, if you have a church, if you’re into Boy Scouts or Girl Scouts or something like that, all these places need cybersecurity help. Uh, and from the Boy Scouts, Girl Scouts perspective, they actually have a badge now for cybersecurity or cyber awareness, I think they call it.
And so you can go in and work with your local Boy Scout troop for a couple of weeks, helping those kids get their badge. And as part of that, you can now write, you know, was a cybersecurity instructor for 12, you know, 12 to 18 year old boys, uh, teaching this concept, right? And that can help in your resume as well.
So sometimes you just got to get kind of creative as you do this. Um, and then the last thing I would say is if nobody will hire you, start your own company. Um, I actually did that back in the late nineties, uh, when I first got it into it, um, I had people who wanted to hire me, but they wanted to pay me 5 an hour to be a.
Security Technician, and I was like, for that, forget it, I’ll just do it myself. And I started my own company, and I started working for small, uh, small offices, small office and home office networks. I was dealing with law offices and real estate firms and things like that, and they’re paying me 50 to 100 an hour to set up their computers and do their cyber security, uh, versus where I was being offered 5 or 6 an hour from a company that wanted to hire me on.
So, um, you know, sometimes you can Get creative and go outside the box, but now you’re going to be a business owner. Now you’re doing, you know, one on one consultations and stuff, but it is something you can do. And especially if you’re targeting that small and medium sized demographic, they don’t have the money for, to hire somebody like Deloitte to come and do their cyber for them.
Right. They’re not the U S government. They can’t afford that. Um, but you can do that type of service. If you have the skills, sure, you can do it yourself. Now you just have to sell yourself and get somebody to hire you on for their individual projects. And if you get two or three or four of those part time small office.
Things you can actually have an entire business based on five or ten clients pretty easily. Okay, there you go. And, uh, I think if you listen to episode 58, you’ll still get a few more ideas. Yep. Go check it out. Okay, so let’s move on to the next question. So, Michael wrote it and he said, I’m 58 years old.
And I don’t have any substantial experience with cybersecurity, and I’m willing to devote at least 10 years to this career. Am I a good candidate for your Hired in 21 Days program? And is it even worth to try to get a job in cybersecurity? Which would be more beneficial, your course or a boot camp? So, uh, so many things in here in Michael’s question.
Uh, Jason, where do you want to start? So, uh, I’m going to take the second half of the question first, and then I’m going to push the age question to you, because, um, we come from a different background, as, as listeners, as frequent listeners to this podcast know. I come from the government. And the government sector, 58, is pretty young, actually, um, I will tell you that a lot of the folks, we call them the greybeards, because there’s people there that are 65, 75, 80 years old still working for the government or as a government contractor, and it’s very common in our space.
Uh, in the civilian world, maybe a little bit different, so we’ll talk about that when I get it over to you. But what I wanted to focus on was, um, he had mentioned the Hired in 21 Days program. I do want to mention that program no longer exists, um, that program, for those who are long time listeners, may have heard of it.
We offered that about two years ago. It was our masterclass type program, and it was a, it was kind of an expensive program to deliver, and that was one of the challenges, because if you’re trying to break into cybersecurity, uh, the program was like 1, 000 or 2, 000 to get into it, uh, because it took a lot of one on one time with Kip and Jason, and unfortunately, because we’re so busy doing a lot of our consulting work and, and our other businesses, um, It had to be a high price point so that we could dedicate the time to it.
And so we ultimately decided to do away with that program. It was very successful. The people who went through it did really well at all. I think everybody at this point has gotten hired. If not everybody, pretty much every, most people. Um, and what we ended up doing was we took all the videos and the asynchronous portion of that course and turned it into a Udemy course that you can get by going to your cyberpath.com/udemy. And you’ll be able to access that course. It’s now called Hired, or sorry, it’s called Irresistible. How to Become Irresistible to Hiring Managers in the Cybersecurity World. So, uh, now you can get that program for about 10 and I highly recommend it. Uh, we did that on purpose because we wanted to make it so that price was no longer an issue.
The old format of the program, it’s the exact same videos we had in that 1, 000 course. Really, the pieces that you’re missing out of that is that we took out the resume review that was conducted by Jason and Kip, because that took a lot of our time. We took out the interview portion that took a lot of our time, and we took out the group coaching call that took a lot of our time.
But all the asynchronous portions got put into this course. At retail, I think it’s 50. Usually it’s on sale for 10 or 15 on Udemy. So you can get that by going to yourstartupapp. com slash udemy. And I would recommend that because for 10, you’re going to learn a lot of information. Um, I’ll be honest. If you listen to every episode of our podcast, you’ll have all the information.
We cover everything. We’ve, we’ve done 115 episodes at this point or so. Uh, and so there’s a lot of episodes and a lot of content, but that course, we consolidate it down into about four to five hours of content. So it’s very directed. We spend a lot of time on resumes. We spent time on how to find a job.
We’ve spent time on resumes, we do it on interviews and interview questions, negotiations, and then what do you do your first 90 days on the job? So all that being said, I would still recommend that course. Now that course versus a bootcamp, there’s a big difference here. When you go to a cybersecurity bootcamp, generally what I’ve seen is they’re either one week, Two week, four week, or three month courses.
And depending on how long the course is, there’s more or less content thrown into them. The longest ones, that are actually some of the best ones, are run by colleges and universities and local community colleges, and they’re more like three month ones. And usually as part of that, you’ll get your Security you’ll get your CEH, you might get one or two other certifications as well, like Security and CISA, or something like that.
In addition to that, they’ll help you with resumes, they’ll try to help you find a job. What I have found is that they do a really good job on the training piece, they don’t do a really good job on the getting hired piece. And the reason is, most of the people who are doing this, they’re not practitioners in the field.
They’re college professors that are now teaching this cybersecurity course. And so it really is just certification training for the most part, is what I’ve seen. With a couple of extras thrown in. So it’s like, let’s get you your security plus and your SISA plus, and then teach you a little bit of Python scripting because you’ll need that on the job too.
And they go, great, you’re now a cybersecurity analyst level one, go get certified, go get trained, right? Um, so, so I don’t think they’re bad. The biggest problems I have with those bootcamps is they’re very expensive. They can be 10, 000, And really what you’re getting is two or three certifications. If you just go over to diontraining.
com, you can get those same certifications for about a thousand or 1, 500. So it’s like a 10th of the price because it’s asynchronous versus being in person. Now, the big benefit of those is if they, if you find a program that has a direct hire component to it, that can be useful. Uh, for example, I work with a company.
That’s a non profit called Persolas, uh, and Perskolas is for, uh, low income and diverse, uh, minority communities. And there’s about 25 branches across the U. S., including Chicago and Orlando and New York and things like that. And in those programs, they actually go through a three month program and they get their certification.
And at the end, if they graduate, they’re pretty much guaranteed a job because they’re partnered up with companies like Techstars and companies like SAIC and CSC and other, um, big contractors that need people. To fill jobs as a analyst, as either a cybersecurity analyst, or a help desk position, or whatever it is, based on the certifications and the part of the program you’re going through.
So if you’re in a bootcamp like that, where it’s almost like guaranteed placement, there may be some value, because it’s going to help you get that first job, which overcomes that whole experience issue that we’ve been talking about. So that, that’s the piece that I wanted to talk about. So which is more beneficial?
Um, They’re, they’re apples and oranges. It’s like saying, is an apple better than an orange? Well, they’re both good for different things, right? They’re kind of complimentary too, right, Jason? I mean, because the bootcamp is going to give you the hard skills. Uh, you know, I mean, that’s kind of ostensibly, you know, why they exist.
Although to Jason’s point, you know, you have to be really careful about, you know, which one you get into and, and, and ask yourself, am I paying the right amount of money? But our course is really designed to help you take, uh, yourself from, okay, I’ve got skills, uh, now how do I. Actually go about getting the job that I want.
So really I see it as complimentary. Yes, definitely. Um, and so that’s, that’s the second part of the question right now. The first part of the question, which is I’m going to throw back over on Kip’s world, because as I said, in my world and the government sector, we don’t really care how old you are, to be quite honest.
Uh, we have a lot of gray beards. Uh, we have a lot of old folks and a lot of the reasons for that. is because A, the government does not discriminate based on age at all. They don’t care about that, um, because we’re not a for profit business and we don’t really care about the idea of budgeting and things like that.
We care about who’s the best qualified candidate and often, that will be somebody who is 50, 60, 70 years old because they already have 10 or 15 years of experience. The other reason is a lot of our people come from the military and so they just did a 20 or 30 year career in the military. They’re now 40, 50 years old and they get out and they start their second career and they plan to do 20 or 30 years working for the government or a government contractor.
So they can very easily be 50, 60, 70 years old by the time they’re done. So Michael, my bottom line is on the government and contracting side, you’re not too old. Now that being said, let me kick it over to Kip to talk about the real world with banks and insurance companies and sports teams and all the other stuff that you deal with in the commercial sector.
Yeah. Uh, there are definitely going to be Portions of the private sector where you are going to be too old. I mean, and I don’t mean that from the perspective of they’re going to actively discriminate against you, they won’t. But the truth of the matter is, is that they will find ways to not give you an opportunity.
And I’m talking, uh, mostly about, uh, like the, the big tech companies, right? The Facebooks, the Apples, the Googles, uh. And again, they’re not bad people, it’s just that they really tend to hire, uh, younger folks, and they’re very savvy, so the chances that they’re going to actually say something or do something that’s going to prove that they’re ageist is, uh, very low.
So, um Now, if you’re, if you’re in your forties and your fifties and you want to work in one of those places, go for it. I mean, I’m not going to, I’m not going to suggest that you’ve not attempted to apply for jobs there, but I will tell you that my observation is, is that that’s not the best place for you to spend your time.
The better places are going to be, uh, in what I would call the more traditional, uh, private industries where, uh, uh, where, you know, it’s a company that does something other than cybersecurity. But they need cybersecurity people in house and, uh, and I think that’s going to be the better place for you. So let me give you some examples.
So, uh, I would, I would think about manufacturers. I would think about, um, places, uh, that are building things like, oh, uh, around here we’ve got companies that make, uh, that make glass panels. We’ve got companies, uh, I live in the Seattle area. We’ve got companies that are making, uh, parts for aircraft. That are going to go to Boeing for final assembly.
And so there’s this huge advanced manufacturing, uh, infrastructure here. And guess what? They’re handling, uh, trade secrets. Sometimes they’re handling defense information. And, uh, and, and what I have found is that those industries value. Uh, workers that bring a lot of wisdom with them on, on to the job. And you get wisdom from years of, you know, making mistakes and learning from those mistakes.
And I see a lot more, uh, recognition in those areas. So, um, So that’s, that’s my overall, uh, guidance to you. Um, and what else do I want to say? Oh, listen, uh, episode 100 of Your Cyber Path, I want you to go listen to it. And the reason why is because we talk about some very specific things that you should be doing when you’re writing your resume and when you’re going through the interview process to deflect the perception.
That just because you’re in your forties or your fifties that you don’t have the ability to change and, uh, that you are stuck in your ways and so on and so forth. So please go listen to that, that episode where we really, uh, explore this. Uh, uh, one thing I will, the last thing I’ll say before I hand it over to Jason is what you don’t want to do is pretend that you’re not in your forties and fifties because sooner or later, they’re going to meet you.
And unless you hire somebody to go. You know, masquerade as you in the interviews, um, they’re going to know. So don’t play weird games and try to hide it. That’s not good. Okay, Jason, what do you think, uh, about anything I said, or did you want to add something? Yeah, uh, two things that kind of popped in my head as you were talking.
Um, one is you mentioned, you know, Google and Facebook and Apple and those folks, right? And, um, in general, they’ve had this, you know, startup mentality for a long time. Um, they’ve all kind of been growing recently into more of the sustainability mode, right? Because they’re no longer the, the fresh startups they used to be, especially like Google, right?
Mm-Hmm. . Mm-Hmm. . Um, they were started back in the nineties. They’ve been around for almost 30 years at this point. Um, I, I think, you know, a lot of the reason why, like the government and some of the other contracting companies value old people or older folks is because old people. Yeah. Old people, older folks, , um, yeah.
58 is not really that old to be quite honest, but it is older in, in our working, uh, lifetimes. And I think they value that because a lot of those people are the ones who have been in that company for 10, 15, 20 years. And they’ve worked their way up. For example, uh, Google CEO, he started 25 years ago with Google and he’s worked up and now he is the CEO.
Um, and so, you know, if you were interviewing with him or for a very senior management type position, they’re going to expect some gray hair on your head or balding like me. Um, if you’re an 18, 19 year old kid, they’re not going to be like, Oh yeah, let’s make you the CFO of Google. Right. So there are positions that are going to need that, but the problem is the entry level.
And where you’re trying to break in is probably a lot more geared towards 18 to 30 year olds. And a lot of that is because they expect that they can pay less money to an 18 to 30 year old than they can somebody who’s 58, who probably has a house and a mortgage and maybe a wife and some kids and all that other stuff that goes into being a 58 year old person who’s lived on this planet almost six decades, right?
So I think there is some of that, you know, Hidden discrimination in their head that they think about. But I think as those companies grow up, and if you ask me this question in 10 years, I think you’ll see a lot more people in their 40s, working at these companies. So that’s the only thing I want to say is, you know, this, this advice is today, as we’re talking in 2023, 2024, makes sense, but it may not make sense in 2030 or beyond.
The second piece of that that I wanted to talk about, um, was that, you know, we, we had mentioned that perspective. Another place I see a lot of the older folks or the greybeards, as I like to call them, um, is. I see them in consulting. Um, so if you get a, you know, a degree and you’ve got a couple of certifications, you get a couple of years of experience, uh, and you go work at a company as a consultant and we’re billing you out at 200, 300, 400, 500 an hour.
When you show up, I really don’t want to see somebody who is clean shaven and 18 years old. I’m going to be really worried if I’m paying 500 bucks an hour to get somebody who’s 18 years old to tell me how to run my business. Right. So, um, that’s when somebody who looks more like me or Kip, uh, or somebody who’s, you know, 40 to 60.
Kind of hold some more weight because you expect a consultant to have years under their belt and more experience. And even if you’re brand new, the fact that you look like you have years of experience because you’re 58 is going to hold weight versus somebody who is 18. And they may be smarter than you, but you’re going to be the one who’s going to be the mouthpiece because you’re going to be like, you may have a team of.
You know, 18 to 25 year old people working for you, but you’re going to be the one the company’s looking to just because you’re the oldest person in the room. And so they’re going to expect that in a consultant type environment. So, so, uh, if you’re a young person, you may be, uh, you know, kind of shunned in the consulting world, but as an older person, you may be more accepted.
So keep that in mind as well. And again, this is one of those things that depending on where you’re going to be in the, in the cybersecurity industry, there may be places that really want you as an older people, uh, older folks, and people who just don’t want to deal with you at all because you are older.
And again, it is illegal to discriminate in the U S based on age. That being said, it happens all the time. They can use excuses like, oh, we offered you 10 an hour, and you said no. So you obviously didn’t want the job, even though we may have offered 20 an hour to the 18 year old next door because we wanted them to take the job and not you.
And so that does happen, but proving it, like Kip said, really hard to do because most people know what the rules are. All right, next question. Uh, and again, for more details on age, uh, age and ageism, check out episode 100. Which was a special episode with Kip and Jason, where we kind of went through, uh, I think it was our seven favorite clips from the last hundred episodes.
And one of those was specifically talking about as an old person, older person, what do you do to make your resume not appear like you’re 58 or 65? Um, in fact, the question we were answering in that one. That was from one of our students who happened to be, I think, 63 or 64. And he has gotten a job since that time now as well, using some of those techniques.
So keep that in mind as well. Alright, next question we have is from Gabriel. And Gabriel says they’re working as a customer application support and they’ve been doing that for about three years. And their goal now is to transition into a security analyst or similar Blue Team role. Uh, they’re wanting the best method in the market to convey their transferable skills as they’re trying to apply for jobs.
So really, this is all focused on how do you write your resume so people know you have the ability to do this job, even though you’re not doing the exact same job today. Right. So, uh, I love that Gabriel mentioned the keyword. Transferable skills. That is exactly what we talk about. We talked about it in our, uh, Masterclass, we talked about it in our Higher Than 21 Days class, we talked about it in our now Irresistible class, which is on Udemy.
Um, what you want to do is, you want to figure out, of the skills that you have, because you’ve already been working, in a different industry or in a different job role. Maybe in Gabriel’s case, application support. Well, that’s that’s an IT role. So it’s very close to cybersecurity. So you have to take an inventory of what have you been doing?
And then how can you position that? For the cybersecurity role that you want. Now, the first step there is you’ve got to know what cybersecurity role you want. Go get some job postings, maybe, uh, five or six from different companies, and look at them, you know, like, maybe even print them out on paper and spread them out on your desk and, and, and try to figure out, like, what’s common?
What is everybody looking for? Uh, and then ask yourself, is there anything that I know how to do that even, that resembles this, these things at all? And then, what you want to do is you want to paint that picture, right, in your resume. Maybe write a cover letter, and you want to, and you want to paint a picture.
So I’ll give you an example right now. Let’s go back to, uh, Uh, AMIN. So, AMIN was transitioning from nurse to cybersecurity. Oh my gosh, so many transferable skills. HIPAA, HIPAA, HIPAA, that’s all I heard. Yeah, right? So, the Health Insurance Portability, uh, and Accountability Act is a regulation that protects electronic personal health.
Information. Well, if you worked as a nurse on the floor with patients, you know all about that. But people like Jason and I, who’ve never done that, if we ever found ourselves on an information security team in a medical setting, we’d have to go study the, you know, the regulation and, and, and learn it as book knowledge.
Well, you already know it as a practitioner. That’s so powerful. That’s a huge transferable skill. Plus, you know how to do all kinds of other stuff. Like, you know how to read vital signs. You know, you know how to use numbers to make decisions. You know how to measure things that are difficult to measure.
All this stuff is potentially a transferable skill. So, um, application support, oh my gosh, yes, tons of transferable skills in there. But it all depends on what job it is you want. So, just like we said to, uh, uh, was it, uh, uh, Halema? Halima? Halima? I don’t see that one. Who was the first person? Oh, Halima, sorry.
Yeah, Halima. Okay, so we said to Halima, like, go and listen to episode 31 and figure out what job you want. Well, that’s my advice to Gabriel. Go listen to episode 31 if you don’t know what job you want. Then I want you to skip ahead to episode 47, because that entire episode is on how to use your transferable skills, how to identify them, and then how to position yourself.
And so Gabriel. That’s what you need to do. What would you add, Jason? Yeah, I, I think that’s, uh, perfect. And, you know, the fact that you’re working in customer and application support, uh, as I read that, I’m thinking that sounds like help desk to me or service desk, like level one support, which is great because it means you’re already dealing with something in the IT world.
And the more you’re writing your resume, Uh, as Kip said, when you’re looking at the job postings, you want your resume to start mirroring those job postings and you’re not lying, but you’re starting to say, well, this thing that I did relates to that. For example, um, did you help people install patches on their cell phones to make the applications work?
If so. That is patch management, which is a cybersecurity skill. Did you reset passwords? That’s authentication. That’s part of AAA, right? And so that’s a cybersecurity skill. And so a lot of these things you could start, you know, it’s not that you want to lie or stretch the truth, but you want to highlight what things you did that touch cybersecurity.
Alternatively, for those who are not in a desktop support role or something like this, we’ve had people who come from a marketing background. We’ve had people come from an accounting background and they’re able to highlight those skills to get into cybersecurity. We had one student who had a master’s degree and she was focused on marketing for the last 10 years and her last technical job was like 10, 15 years ago, but she was able to get a job with a company that does cybersecurity because they saw that and go, Oh, actually, you know what, in her resume, as we helped her rewrite it, she started focusing on how she can train people and how to get user acceptance done and how to do security awareness.
And so she got hired on in a role that was basically a cybersecurity training role. For this organization that does cyber security pen tests and assessments. So after they break into the network, they go, Oh, now we need to train them on what they should have done to prevent us from breaking in. And she was hired on to do that role.
And they were working on training her up so she could become a pen tester later on and join the rest of the company. So that was a way to break in and we call that the two step. She went into a cyber adjacent role. Being a trainer to get into the real role she wanted, which was a pen tester. I’ve also had people who are accountants and bookkeepers.
They have a great attention to detail. And so those folks make great IT auditors, because if you worked as a bookkeeping auditor, you can now work as a cyber auditor. It’s the same thing. It’s checklist. It’s, it’s auditing and making sure people are in compliance. So that’s kind of the way I look at these things.
And again, this is all about transferable skills, highlighting what you do and tying it back to the job post of the job you’re going for. Um, that being said, uh, Kip, I think you have the next question for me. Yep, I sure do. Okay, so, uh, this came from Chris, and Chris says, I’ve got a gap in my resume for two years while assisting my family with a terminal illness.
I do have some past experience working on a cross functional cybersecurity team at a major technology company. Fruit company. Hmm. Wonder which one that could be. Uh, how do I deal with the gap? Okay. So, Chris. Yeah, so now I’m worried, uh, or wondering, is this a fruit company, like somebody who packages fruit, like Dell and Del Monte?
Or is this a fruit company, meaning Apple? But either way, uh, it doesn’t matter. The thing is, you had experience as a cross functional cybersecurity team member, so you’ve got the experience. Now the only thing you have is this two year gap. Now, in the old days, a two year gap Would have killed you, right?
It was really hard to explain away. Why did you go away for two years? And I think, uh, the fact that you obviously, since you’re asking us in a public environment, um, you’re probably opening up front about the fact that you were gone because of this taking care of somebody with terminal illness, right? Um, and I think if you’re in.
In a job interview, um, and you told me that as a hiring major, I’d be like, Oh, totally makes sense. No problem. Um, and I don’t know if Chris is a guy or a girl based on the name Chris, because I know many Chris’s who are guys and many of their girls, Chris could be Christina, Chris could be Christopher. Um, but if you are a woman, uh, it’s really common to have gaps in your resume because at least in America, Women tend to be the primary caregivers.
So in my family, if my child got sick, who’s staying home with that child? Most likely my wife. It’s not going to be me because I’m too busy out there working. And that just usually happens because in general, in our society, men tend to make more than women. And a lot of that is because of women take these times out in their, in their career.
Um, I’ve seen this also happen where people take a year off because they got pregnant and had a baby and they wanted to spend time with their baby before going back to the workforce. In any of these cases, it’s okay to take a break, right? As long as you can explain why you did it and make it so it’s not just, eh, I decided I don’t like my job and I decided to travel around Europe for the next three years.
Right? What did you do that was valuable during that two years or three years? And in your case, you were taking care of a family member who had cancer or something else that was on their deathbed and you were the primary caregiver. So that is totally fine. Now, what I would say is that if you haven’t done anything since coming back, uh, I’m assuming based on the way you wrote the question, uh, unfortunately, it sounds like that family member has probably passed, uh, because you’re now looking for work again.
Uh, and if that’s the case, my console is with you. Uh, if they actually overcame it. Even better. Um, but in either case, you know, now that you’re ready to go back to work, uh, what can you do to say, okay, that is behind me. And now I’m ready to move forward again. Uh, one of the things I’ve seen people do is show that they’re back in the industry by getting a new certification.
And it’s not that the certification itself is helpful, but the fact that it goes on your resume and it shows 2023. Earned MySecurityPlus shows me you’re back in the game and you’re ready to work, right? So something like that would help. If nobody’s giving you a chance to get into a new job again, go get a certification or two to show you’re back in the market and ready to go.
Um, the other thing is, as we talked about earlier, you can volunteer with somebody who needs those type of skills until you get back in the market. Um, but honestly, I don’t think you’re going to have as big of a problem as you think you are with the two year gap, because there was a lot of people who took a one or two year gap in 2020 and 2021 because of COVID and the lockdowns and schools being closed and all the kids had to go home.
And guess what? Somebody had to stay home with them while they’re doing that online learning. You couldn’t leave the kids. If you have a five and a seven year old, they’re not sitting at home all day. Well, you’re at work. So we know that happened, right? And if this time period, it sounds like was kind of in that 20, 2021, 22 timeframe, that last two years, that was a pretty common time that a lot of the world took a break.
So I don’t think it’s gonna be as big of an issue as you think it is. Um, and I would really just. In your resume, there’s probably certain things you can write and I’ll defer to Kip on that one. Um, but I know gaps in the resume used to be a deal killer for a lot of people. These days, it’s just not as big of a deal as it used to be in my world and what I’ve seen.
Kip, what are your thoughts? Uh, I agree with the things that you’ve said and what I specifically want to add to it is how do you represent it on your resume? So here’s my opinion, and it is just an opinion. I know other people are going to have different opinions from this, but since you’ve, since you obviously are, you know, you care about your family and you want to be there when they need you, that could happen again.
So what I want you to do is I want you to actually put it on your resume. I don’t want you to try to hide it. I don’t want you to use like a functional resume format so that you can try to bury, you know, the fact that you had a gap. in, uh, you know, in, in a long list of projects and so forth. Okay, don’t do that.
Please. I, I would encourage you to be upfront about the fact that you have this gap. Here’s exactly why you did it. You don’t have to give details, right? Just, I think the amount of details you gave in the question that you asked is just fine. Because here’s the thing. If a hiring manager is not going to want to, uh, give you an interview because they don’t like that you did that, You don’t want to work for them.
Do not take a job at a place where they don’t respect what you did, because odds are, you’re going to want to do something like that again, because you want to be there for your family, I applaud that, but you don’t want to work at a place where they’re not going to be supportive of that, okay? So, uh, so please, don’t try to deceive anybody about that gap.
Just be honest and upfront about it, and then let other people decide if they want to work with you or not. So Kip, if I was writing out my resume, and let’s say it was, you know, 2021 to 2023, I was caring for my father who is dying of terminal cancer. Let’s just use that as the example, right? So I’m going to say, okay, I worked at the, uh, you know, U.S. Navy from this year to this year, and then now I have this gap, right? And then I, and now I’m ready to start looking again. Would I put in there, you know, October 21 to October 23, um, primary caregiver for terminally ill family member. Yeah, I like that. I like that. Yeah, so you don’t have to write it in a way that’s, um, uh, too informal.
I like the way you did it, right? That you, that you almost treat it like a job, right? And just the, the position is primary caregiver for terminal family member. Absolutely. And Chris, I’m sure it was real work. It was probably very rewarding work, but I’m sure you worked very hard and I’m sure you learned things in that time that you didn’t know before.
You probably learned new levels of patience. You probably gained tremendous insights into, uh, you know, what’s important to people. And we’ve talked a lot in this. Podcast over the episodes about how cybersecurity is not a technology game, it’s a people game. So if to the extent that you can position it as work experience, that would be helpful.
And then the other thing I would say is this isn’t going to help Chris because it’s already passed, right? But if this happens to somebody else in the audience and you are a working mom and you are pregnant, you’re taking off a couple of months because of the baby, right? Totally fine, but if you can control what you do during that time, so you have something to add to your resume, that can be helpful.
So what I’ve seen is a lot of people, if they want to take a year off because they want to have a kid and be able to be home with the kid for the next year, what a lot of women that I’ve worked with do is they’ll go back and sign up for an online college. So they’ll go get their bachelor’s degree during that year or two while they’re taking off.
So now it doesn’t look like a gap because they were staying home with the kid. Now it looks like a gap because they were bettering themselves and getting their cybersecurity degree or getting a couple of certifications or something like that. And that can be a way to use that year, that gap year, and not have it as a full gap.
It’s now a working and studying and getting myself better year. Um, again, Probably too late for Chris. And Chris, you may have done some of those things during that year. You may have done some CTFs or gotten a couple of certifications or read some books or done something to better yourself. And you can take credit for that in your resume as well.
So they know like, yeah, I was taking this time off as a caregiver, but I also was going to school during that time and got my degree, right. And I don’t know if that applies in your situation, Chris, but for others out there, that’s another way, if you’re really worried about this, it’s a good way to mitigate that by doing something else during that time as well.
Um, I’ve seen this a lot actually, uh, as a military person, a lot of military spouses got drug overseas with their husbands, right? Or their spouse, uh, it could be wives as well. I have a friend who is a military officer who’s a woman, and her husband had to keep taking breaks in his career two years at a time because they were in Maryland.
And there was a job there. And then he went to Italy, and he couldn’t work in Italy because he was a spouse. And you couldn’t work in Italy because you didn’t have a work visa. So for two years, he didn’t do any work. And then when he came back to the States, everybody’s like, why didn’t you work? And he’s like, well, during that two years, I went and got my degree done because I literally was not allowed to work because I was living in a different country.
With my wife, and I didn’t have the option because I didn’t have a work visa, because Italy won’t give work visas to military spouses. So things like that can happen. If you can explain it, that’s all I need to hear as a hiring manager. And it’s not that you just took two years off or you were working someplace for two years and you’re lying to me because they fired you and you don’t want me to know about it.
And that’s really what people are thinking about when they see those gaps is what did you do during that two years? Because everybody did something. Uh, it may have been that you backpacked around Europe for two years, and that’s okay. Um, but just be honest about it and the reason why you did it. Hey, I took two years off because my spouse was stationed overseas and we wanted to make the most of it.
And I’ve had people do that too. And that’s fine as well. Uh, the next question, we got two more for you in this episode. I know this is kind of a longer episode, but hopefully we’re getting all your questions answered and you’re finding it valuable. Uh, the next one is from Rajiv. I think I’m saying that right.
R A J I V is his name, uh, or her name, um, because I’m actually not sure if that’s a woman’s name or a man’s name, to be honest. Uh, and the question really revolves around imposter syndrome. Uh, they want to know what recommendations we have for anybody who’s struggling with imposter syndrome when they’re getting into their first entry level job.
Uh, and imposter syndrome, it’s real, right, Kip? Um, you know, what is imposter syndrome for those who don’t know? And then what do you think, uh, Rajiv should be doing here? Yeah. So, um, first let me describe what imposter syndrome is. You’ve probably, everybody’s probably felt it. In fact, um, research shows that like 70 percent of people will experience at least one, uh, intense, uh, you know, imposter syndrome episode, uh, at some point in their life.
I’ve definitely had it. Me too. And as I, and as I described this, I think more people who right now are saying, I don’t think I’ve ever had that. We’ll go, Oh yeah, I guess I did. Um, it’s. It’s one, one way that you might experience it is you feel like a phony. And even though you’ve had some success in your job or in previous jobs, in the job that you’re in now, you’re feeling insecure and you’re like, Oh my gosh, you know, it’s just only, you know, they’re going to figure out any minute now that I’m a complete fraud and I’m going to get fired, right?
This is a very irrational. Believe. For most people. Um, but, imposter syndrome can have a real effect on your performance on the job, because even though it’s irrational, if you believe it, or if you pay attention to it, it can absolutely, uh, affect your ability to get things done. Uh, let’s just give one quick example, right?
So let’s say you’ve been working in a cybersecurity role for a couple of months, but when people You know, mention your job title, you might feel this wave of, uh, of, of, you know, awkwardness wash over you because you’re like, Oh, I just got this job two months ago. I haven’t really earned that job, that title yet.
That’s not true. You have earned it because you’ve got the job, you know? So, um, that’s just one example. Okay. Now, how do you deal with imposter syndrome? No matter how you’re experiencing it, no matter how you’re, uh, you know, you’re dealing with it right now. Well, What’s the source of imposter syndrome?
Usually it’s self belief. There’s something about a belief that you have about yourself that is the source of of this problem. It could be an insecurity that you have that you maybe you picked up When you were younger, from a teacher, or from a friend, or a parent who wasn’t as supportive as you wanted them to be.
Um, and, uh, and so if you’re really struggling to identify, like, why am I feeling imposter syndrome? And if you really want to get to root cause, you probably should go and see a counselor. And there’s no shame in doing that. I’ve done that. I’ve done that many times in my life. I’ve gone to a counselor because I was trying to, uh, figure out, like, why do I keep doing this?
This is a very, you know, not helpful behavior that I’m in. How do I get, why am I doing this and how do I get out of it? Um, but here are some things that you can try if you’re not ready to go to a counselor, if you don’t think it’s that serious. Uh, the first thing is, uh, just Take small steps. Don’t make great leaps on the job to something new and different that you’ve never done before.
Uh, you want to build confidence, and then that will help deal with your imposter syndrome. So don’t try to do things perfectly, just try to break it down into small pieces, uh, you know, that, that you can, uh, get done. Uh, don’t compare yourself. to other people is another thing that’ll be helpful if there’s somebody on the job that has the same job title you have and they’ve been there for five years it’s silly for you to compare yourself to them there’s just no way that you’re going to measure up uh because this person just has more experience than you that’s all right there’s no reason for you to feel insecure about that um It would also be helpful if you just accepted your feelings, rather than pushing them down and denying them.
Just accept it. Yeah, I’m feeling insecure right now. I’m feeling like an imposter. You know, just like, speak it and let it go. I have found that that, that that really, uh, can help me. And, um And I guess the final thing I’ll say before I turn it over to Jason is don’t let this hold you back. Like, I, I think you should categorically refuse to let it hold you back.
I’ll tell you a quick story. I had imposter syndrome one time and I looked around the room and I, and I, there was many of us in the room and I, and I looked at this one, uh, other person in the room and I said to Well, If he can do this, I certainly can do this, right? I mean, it just took that one little, you know, uh, inner monologue for me to say, I may not feel like I’m totally up for this, but if he can do it, I know I can.
And that was enough to get me through that episode. So, um, so I hope that thumbnail sketch of what imposter syndrome is, how a lot of people experience it, some of the things you can do about it. I hope that’s helpful. And, um, okay, Jason, what do you think of what I said? I agree with everything you said, uh, and including the counseling part.
Uh, counseling is helpful, especially if you need it. And there’s lots of areas in our life that we can use it for. Uh, I will tell you that I go to counseling, uh, and have for years. Uh, in fact, I was there two days ago, as you know, Kip, because you were like, Hey, where are you at? I’m like, I’m at counseling.
I’ll deal with you later. Uh, cause I can’t take your call right now. Right. Uh, and that’s totally fine because we all have issues we need to deal with. Um, I will tell you for me with imposter syndrome, I get it a lot less about my technical ability. Um, because even though to me it’s more black and white with technical ability, right?
Like either you know it or you don’t know it. Uh, and you know how to do it or you don’t know how to do it. If you don’t know how to do it, that’s okay. Just say, I don’t know, but I’ll figure it out, right? And, and I think that’s something that I was in the military for, for, uh, you know, several years. And one of the things I learned early on was if you don’t know the answer, that’s okay.
But it’s your job to figure it out. Right? And so I was a Navy nuclear reactor operator, and that’s really pushed into us in our programming and our training, that if you don’t know the answer, you should at least know where to look and go figure it out and find it. And so I’ve got very comfortable with your saying to bosses when they’d say, Oh, hey, Kip, I need you to do X, Y, and Z.
And I’d be like, um, I don’t know how to do that, but I’ll figure it out. Uh, I think I’m going to go here, here, and here to do that. Does that sound right? And they’re like, uh, yes or no. You’re a little bit off. Go to A, B, and C, not Z, X, and Y, right? Or whatever it is. Um, and so, you know, you can get those little guidance.
Um, the place that I always felt most vulnerable in this whole imposter syndrome area is, uh, with my company. Um, so, You know, I, for those who don’t know, I actually sold my company Dion Training earlier this year or earlier last year in 2023 in May of 23. And I sold it to another company and I still work there, but I am no longer the CEO.
And when they were buying us, they said, do you want to stay on as CEO? And I said, no, I want somebody else to come in CEO because I don’t think I’m good enough at it. Right. I don’t know what I’m doing. I’ve never, I don’t have an MBA. I’ve never been a CEO before. The only reason I’m the CEO of this company is because I started the company.
Otherwise, I don’t think anybody would have hired me for this job. And so I want to bring in somebody. And when they started bringing in people for me to interview, I was like, I didn’t even feel like I was qualified. And I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot because I still feel that way a lot You know, I was able to, and, and honestly, the new CEO that’s in place, she’s been doing a fantastic job.
She’s awesome. I love her. Uh, and I’m really glad that we brought her on board. And like, I tell her all the time, like, I really felt like an imposter as the CEO. She’s like, what do you mean? You built this company up to this level to the point where somebody else wanted to buy it and you were able to make this kind of money and all this kind of stuff.
She’s like, you should not feel like an imposter. You did it right. And she’s like, you may not have the education, but you figured it out. Um, and I’m like, Oh yeah, you’re right. But I still feel like an imposter. People ask me like, well, what should a CEO be doing? I’m like, I don’t know, like what should I do on a daily basis?
I don’t know. Um, and so it is something that I struggle with personally. Um, and, and as Kip knows, I’m the CEO right now of Accolade, which is the certification company that comes out with the CCRP and CCRF certifications. And I still feel very uncomfortable in that role. Like I feel very comfortable in my ability to be a cyber security instructor, to be a cyber security consultant, to be a pen tester, to do all that technical stuff.
And even to write the certifications and create the certifications and lead that brand. I don’t always know what I’m supposed to be doing as a CEO because I feel Unequipped to do that. And I think one of the things that would help me in that role is either A, like you said, accept it, or B, go get some additional training, right?
I’ve thought about going back and going and getting an MBA for my local, uh, college here, University of Central Florida. Um, and I could do that and I would probably learn some things. It’d be helpful to me as a CEO, but right now I’m just so busy with everything else I’m doing. I don’t have time to do that and to, you know, take off two or three hours a day to go to school, but I think that would be helpful.
Or maybe I can go take a bootcamp. Or get a mentor or something like that in that area to help build up in that area that I feel inadequate in. Because really, imposter syndrome is really you feeling inadequate more than it’s an external problem. And most of the time, we’re our harshest critics. We think we suck a lot more than anybody else thinks we suck.
So, uh, keep that in mind. And Rajiv, uh, you probably have the skills to do the job. I don’t think that’s going to be a problem for you. And if you feel like you’re really, like if you’re falling down on your face at work, Go get the skills you need. Technical skills are easy to overcome, but I honestly think this is more in your head, and it may be, like Kip said, a little bit of counseling, a little bit of talking with other friends, talking with some co workers may help you feel more, um, built up.
I, I think that can help you as well. Talk to somebody safe, right? Don’t talk to somebody who might actually turn that around and use it against you. That, that would not be a good idea. Okay, so there’s, there’s our, uh, perspective on imposter syndrome. Now we have one more question. I think this is going to be easy breezy, lemon squeezy, as my daughter says.
So, Franco’s asking, what happened to the masterclass, I’m changing careers from, from entertainment into cyber security, Kip, Jason, do you still have that masterclass? And yeah, so, uh, before you even go into the answer there, uh, we’ll start out with Uh, the masterclass could be referring to a couple of different things, uh, depending on how far back Franco went in the YCP podcast.
And my guess is since he used the term masterclass, uh, he’s probably referring to the one that Kip used to have before Jason was ever involved in YCP. Uh, if you go back to, I think episodes one through 10, you mentioned this masterclass a lot because you started the YCP podcast back in 2020, uh, and it happened to coincide You started the podcast and like weeks later, COVID happened, right?
Um, and so you delayed your masterclass for a while and, and can you talk a little bit about what that masterclass was and then how it evolved into something else and where it is today? Sure. Yeah. Uh, okay. So here’s the quick rundown. So, um, I had been. Asked many times over years and years and years.
People would just grab me by the elbow, no notice. And they’d say, my nephew, my niece, my brother in law, whoever, somebody important to them, uh, wanted to get into cybersecurity. What advice did I have? And I always felt like, uh, you know, being caught off guard like that. I just really wasn’t prepared, and so I would give them the best answer that I could, and I’d go on my way, and I’d feel like, gosh, I really wish I had something better to offer them, but I just wasn’t ready for that question.
So, after having had that experience for years and years, I finally said to myself, okay, I’m not going to do that anymore. I’m going to be prepared. So I went on the internet to look for somebody that I could say, Hey, you need to go read, you know, Jane’s blog, or you need to go listen to Joe’s talk on, you know, how to get in.
The problem that I found was there was nobody on the internet talking about it the way I wanted to talk about it. As, as in, I’m a hiring manager, let me tell you what it’s like on the other side of the table. Um, there are lots of well meaning people out there. That were saying great stuff, but just nobody was being the hiring manager.
So I said, all right, I guess I’m going to have to do it. So I started a podcast that led to the masterclass because what I realized when I started the podcast, I started talking to all kinds of people. And. And I just started hearing some very common themes, and so I started collecting those, and then, okay, now I had this huge list of questions that people had, and they wanted answers to them.
So I made the answers, I built a class, and that’s kind of where it started. And then, uh, Jason and I became partners, and then that initia uh, initial masterclass turned into Hired in 21 Days, and we did that for a while. And then, uh, As Jason mentioned early on in the podcast episode, um, that became something that we didn’t think was really going to work over the long haul.
And so then we transferred it into a course that you can now get on Udemy called Irresistible. Now, uh, it’s still answering the same questions because you know what we found is that the questions that people are asking are perennial. They, you know, anybody starting their journey is going to have the same questions as what we found.
People who are trying to accelerate their career. Uh, are often dealing with the same questions, they just don’t know it. So, um, anyway, so that’s what happened to the Masterclass. Uh, it evolved and it is now this really amazing course on Udemy that costs a fraction of what we used to have to charge. Yeah, so the old Masterclass was, you know, 1, 000 to 2, 000.
The new one is 50 at retail and usually it’s on sale for 10 or 15 or 20. So it’s much cheaper, much more available. And we did that specifically because we wanted to make sure It’s That we can deliver the value to you that you need. Just like we do in this podcast. We create this podcast as a completely free resource.
We don’t charge you for it at all. There are paid podcasts out there. We’re not one of them. We’re not ad supported. You don’t hear a bunch of ads and mid roll ads and all that kind of stuff today. Uh, and for the first hundred or so episodes, we have not done any of that. Uh, and specifically it’s because we want to help you.
And the reason I got involved in this, uh, is similar to Kip. I was getting asked. All the time. How do I do my resume? Where do I find a job? How do I do my interviews? How do I do my negotiations? All that kind of stuff. And, uh, as those of you who know me from Udemy and other places, I have about a million students around the world, across 190 plus countries.
There’s no way I can answer all those questions myself. And so I had looked at doing my own course on. How to get hired and how to do your resume and how to do all that stuff. And before I tell you, you know what, there’s probably other people out there doing that. And I looked across the industry and I evaluated probably 15 or 20 different courses.
And Kip’s was one of them, his, his original masterclass. And I liked his the best because it took it from the side of the hiring manager. And most of the other people I found out there that were doing this were people who never worked as a hiring manager. So they didn’t know what a good resume was. They didn’t know what interview questions were gonna be asked.
Most of these people I found We’re anywhere from 21 to 35 years old. So they were younger and they were in their first or second cybersecurity job. Like, well, this is how I got my job. It’s like, well, yeah, but you also got hired during 2020 and 2021. Uh, when it was like the boom in the industry and anybody who put their name on a piece of paper would get hired because there’s such a hiring boom because everybody moved online and we needed people.
And that’s why I really liked the way Kip did his program and the reason why I focused on it. And I come from the hiring manager background as well. From the government space, but I didn’t have a lot of the commercial sector experience and Kip had all that commercial sector experience and hasn’t worked in the government in 20 plus years.
So for us, it just became this perfect marriage between his commercial sector side, my government and defense contracting side, putting this together, we’re able to cover most of the questions you would have in the US and Canada. And then I also have a. pretty good exposure outside the U. S. because I’ve worked in Japan, I’ve worked over in the Middle East, I’ve worked in South America, I’ve worked in Europe.
Um, and so I’ve have a little bit of that as well, but not nearly as much as like a hiring manager in those areas. Because again, I was working for American organizations doing that, but, but that’s why we came together to build this. And that’s what happened to the masterclass. It evolved. And if you want to get that, you could find that at yourcyberpath.com/udemy. It’s a great course, highly recommend going through it. And if you know anybody who’s trying to break into cybersecurity and you know, it’s your, For instance, my kid is now out of high school and looking for his first job. And I’ve made him go through that course because he needed to learn how to write his resume because he’s trying to get a job in IT and cybersecurity.
And so it’s great for all of those type of people and that’s what we use it for. So that’s what happened to Masterclass. Long story short, it’s now the irresistible course on Udemy that you can find with Kip and Jason in it. So that being said, this was a really long episode where we covered your listener questions.
So I want to thank Holoma, Amin, Zin, Michael, Gabriel, Chris, Rajiv, and Franco. And I hope I said your names right. If I didn’t, I do apologize. Um, again, the, uh, the, uh, American in me has a really tough time with names that aren’t just like, you know, the standard traditional white guy biblical names, right? Um, so I, I, I try my best, but I am a standard white guy and I do struggle sometimes.
Thank you. Uh, and if I say your name’s wrong, please let me know. Just shoot me an email at, uh, kip at your cyberpath or, uh, yes, or support at your cyberpath. com and they’ll get to me and I could see it. Uh, and if you have a question for us, you can always ask that. at YourCyberPath. com slash ask. So go ahead and ask your questions there and we’ll answer them in a more timely manner than we did this time.
We have systems in places now, so we can gather those questions and get those answers back to you much quicker. So that being said, I want to thank you again for listening to another great episode of Your CyberPath. We’ll see you next episode where we’re going to talk all about the SDP principle number 10 as we finish out that series.
It’s going to be a great episode to finalize out our secure security design principles. So we look forward to seeing you then. Thanks all and see you next time. See you later, everybody.
YOUR HOST:
Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!
YOUR CO-HOST:
Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.
Don’t forget to sign up for our weekly Mentor Notes so you can break into the cybersecurity industry faster!