In this episode, we get to learn about our guest’s inspirational story as he went from truck driver to Cybersecurity Analyst in less than 15 months.
Mike Hillman, former truck driver and current SOC Analyst, goes over his exact roadmap to transition into Cybersecurity without any previous experience, the certifications he acquired, and the courses he took.
Jason and Kip share with us how hiring managers think when they are looking for a new hire and highlight some of their tips to get hired with no experience.
You will also learn that it takes more than just certifications to have a successful career in Cybersecurity. Having hands-on experience, as Mike mentions, is helpful and that if he could turn back time, he would start hands-on practice from Day 1.
Kip Boyle:
Hi everyone. Welcome to Your Cyber Path. Glad to have you back for another episode. My name is Kip Boyle and I’m here with Jason Dion, my co-host. How are you doing, Jason?
Jason Dion:
I’m doing great, Kip. How are you doing today?
Kip Boyle:
I’m doing really, really well. I’m thinking about the fact that I’m going to meet up with you again here pretty soon in Orlando and we’re going to actually do what we’ve been talking about doing lately, which is record-
Jason Dion:
Yeah, the risk management framework course.
Kip Boyle:
That’s right. Yeah. Get that thing recorded so we can share it with everybody, get it up on Udemy and help people wrestle with this monster NIST risk management framework. And I got to tell you, it’s been a kind of a heavy lift for me since I’m not that familiar with it.
Of course, you’re a lot more familiar with it and we’ve gotten help from a couple of really smart people. We’re going to be including those folks in our class and you’ve actually done RMF implementations. The two people who are helping us have definitely done a lot of implementation
So I love the fact that we’re going to bring such a real world perspective to this kind of abstract dusty little document.
Jason Dion:
Yeah. And it’s one of those things that I think the reason you haven’t done a lot of RMF in the real world is because you don’t do a lot of the government contracting and government workforce stuff. And RMF is so tied into that area versus the commercial sector, which really focuses more on this cybersecurity framework or the NIST CSF course that we did earlier this year.
And I think these two, just they pair up really well together because RMF works really well with CSF and it really does give you a different perspective on how things work. And I really am appreciative to having Rebecca and Drew help us with this course that both of them are or will be guessed on this podcast as well.
Drew, I know we recorded that episode, I think was last week or week before. Rebecca is coming up next week. And in the next couple of episodes, either right before or after this one, you’ll be hearing from both them add some of their knowledge on RMF as well.
Kip Boyle:
Definitely. So yeah, anyway, that’s kind of what I’ve got in my mind. But today we’re going to do an episode, we’ve got a guest, his name is Mike Hillman. And I think I’m going to call this episode, which I think is going to be 82.
I think we’re going to call this Truck Driver to Cybersecurity Analyst because this is a fantastic story we want to share with everybody. Very inspirational. Mike has done something really great for his career.
We want to talk about that. We want to put a spotlight on Mike and we want to show you what’s possible when you really want to do something, when you’re really focused on getting into cybersecurity, wherever you come from, you can do it. Yeah. Mike, welcome.
Mike Hillman:
Right. Thanks for having me guys.
Jason Dion:
Thanks for joining us, Mike. Yeah. Mike had reach out to me and he had told me his story and I said, “You know what, if you’re willing, I would love to have you at our podcast,” because I think a direct quote from Mike in the messages when we were chatting back and forth was, “Well, hey, if I could do it as a truck driver, anybody could do it.”
Because we always hear people say, “I can’t get into cybersecurity. I don’t have experience. No one will return my calls. No one gives me a chance.” And then Mike reaches out, he is like, “I did it.” So I wanted to talk a little bit more about that with Mike and I figured if I was going to learn from him, I figured everybody else in the audience could learn from him as well.
So the first thing I wanted to ask Mike is, tell us a little bit about your last position and why you wanted to move out that and into cybersecurity.
Mike Hillman:
I was a construction truck driver. I drove a flatbed truck, that 25 to 27 foot truck. I delivered construction equipments all through the city I lived in. I did it for about two years. Prior to that that I was also a truck driver again, for FedEx this time.
So my whole walk from graduating high school to off at the last year, I knew nothing but driving trucks. Right. That’s all I known. That’s all I ever did. I wasn’t just genius, I just decided to drive truck, but you know what, I’m excited doing this instead from back then.
Jason Dion:
Yeah. My cousin actually has been a truck driver for about 30 to 40 years now. He used to do over the road trucking, which is where you can make a really good living, but you’re away from your family all the time. And so he then moved to in town trucking, which sounds like what you were doing.
Doing a lot of deliveries for things like Home Depot and Lowe’s driving things from the distribution center to the grocery stores and stuff like that. But what he found was when he started working locally, he made significantly less money, like 25% of what his old salary was.
And he’s constantly looking for, what is the next thing that he’s going to get into? And he loves truck driving. It’s a great job for him. But yeah, it’s one of those things that the money to be made is where you’re over the road and away from your family a lot.
So I know a lot of truck drivers are like, it’s a hard life. And even I’ve heard a lot of things recently in the news where they’re having really bad shortage of truck drivers because every one person that’s coming in the business, there are two people leaving the business at the same time.
So it is a very difficult job. So when you were looking at moving into cybersecurity, why did you decide cybersecurity? I mean, there’s a million other jobs out there. What about cybersecurity was drawing you to it?
Mike Hillman:
I have a friend who’s a network engineer and he’s the first person I went to when I decided I wanted something different, which I could tell you the exact date I decided I wanted something different. Yeah, it was May 28th of 2021. It was the exact date. I remember getting done work and I called him, I said, “Yeah, this isn’t for me.”
So I had a rough day at work I believe, this isn’t for me anymore. So I called him and he told me, “Oh yeah, should be a network engineer. It’s a fun job.” And he had me come over his house and showed me what he did day-to-day. And it was interesting, but I was like, “I don’t know if that’s something I like to do every day.”
It’s something very stressful, but it seemed, cybersecurity is very stressful, but his specific job was dealing with a lot of trouble tickets at the point. But it just seemed like not something for me. I was like, “What other careers are out there?” And he’s like, he broke it down and said, “You can become a developer. You can do cyber security.”
And as soon as he said it to me something just hit. And I was like, “What’s that about?” He showed me a video on YouTube of, I want to say his name is Nathan House. I think I got it right. Well, actually. Yeah. He showed me a video of him in YouTube and I assume he was just doing certain stuff. He was just breaking down certain careers and I fell in love with it right there.
It felt like more of a battle instead of work, where I’m constantly fighting for something. I’m constantly keeping guys out of this thing or instead of just… And another thing about the career is just, it wasn’t the same thing everyday. It’s not.
I learned that now, now that I’ve actually got the job. I had my trucking rail, I knew on Tuesday, I knew what I was doing next Thursday. And in this job it’s like, it’s 2:45 now and 10 minutes I could be losing my mind over something completely different than I was.
I was all calm like just now or I’m on this call with you guys, 20 in an hour I could be doing something completely different. I’m learning something new every day. And that’s what really brought me to it.
Jason Dion:
Yeah. I feel like that’s one of the things I really love about cybersecurity is that the industry is always changing, it’s always evolving. You’re always having to upskill and you’re facing new challenges all the time.
And even on a daily basis, you might come into the office thinking you’re expecting one thing to happen and then you find out that there’s been some back down, your network got broken last night and now that entire plan is out the window because now you’re fighting the fight. And it can be very exciting, but also very stressful, as you said.
One of the things that I think that is really interesting is that it is that different thing that you get every day and different skills and different challenges that you face. So it does keep work a lot more interesting than having to punch a clock from 9:00 to 5:00 every day doing the exact same thing over and over and over again.
I get very bored very easily if I have to do the same thing a million times. So yeah, I would go crazy being a trucker doing the same route every single day.
Mike Hillman:
There’s nothing wrong with that. If that’s what you like, that’s fine. Some people, especially for me, that just wasn’t something that I see myself doing 10, 20 years down the road.
Jason Dion:
Yeah. And the other thing you had mentioned was Nathan House’s stuff on YouTube. For those who don’t know Nathan, he is really big in the cybersecurity area. He does a lot of courses that are extremely hands on. So when you take one of Nathan’s courses, you can find them over at stationx.net. [inaudible] com. I’ll verify that. I think it’s stationx.net. Yeah, it is .net.
So if you go to stationx.net, he has a lot of great courses there. So he is got courses on how to use Nmap, how to use Metasploit, how to use Kali Linux, how to use Wireshark and just really dives in deep in each of those different tools to help you build up your skillset.
In addition to that, Mike, what other kind of classes or search or degrees did you do to help get yourself from, “Hey, I’m a license commercial truck driver into somebody needs to hire me as a cybersecurity analyst.” What was kind of that path for you as you tried to make that transition?
Mike Hillman:
I started off with just going to my friend’s house every day that I could and him just break some stuff down for me. And then I definitely did enough research of a roadmap. I made a roadmap for myself. I started off with the A+ certification. I got that and I got these all in three months too, from the A+ to Security+. And I don’t recommend. I do not recommend-
Kip Boyle:
Was that a big load? Was that like our heavy-
Mike Hillman:
So much. Oh my God, it was just constant. I was like, I felt myself burning out and I definitely told myself I had to relax because I didn’t even start working now, I feel burn out. So I start off with A+. I did that. I used a Udemy course.
I can’t think of it off the top of my head right now, but I use Jason Dion’s practice for that. And then I wanted Network+. I used Foresight, I thought it was for those, the A+. And then the practice test that I used Jason Dion’s course for Network+ and then Secure+.
So I did the A+ first, the Network+ second, then the Security+ I eventually got in March and that’s when I calmed down a little bit for certifications and I started working more of on the hands on approach of trying to do something because I was just learning terms and reading books and watching the videos and I wasn’t getting a lot hands on on stuff.
Jason Dion:
Yup. Yeah, I think that’s a great point. Two big key takeaways there, right. You did a lot in a three-month period, which is good and bad. The good thing is you really focus, you get through it really quickly.
What I find is when you start dragging it out and starts taking six or 12 months, you start forgetting things that you learned in the first week by the time you get to the end of month three or four. Right. And so doing it in a quicker compressed time does help you pass the exams.
The challenge with that is when you’re in a very compressed time like that, you’re getting just overloaded with information and you don’t have a lot of time to really implement that information and do the hands on thing.
So as you’re taking Security+ you’re learning about the CIA triad and you’re learning about encryption techniques and all that, you probably didn’t have time to stop and do all the hands on stuff of how do I set up a SSL or TLS cert for a web server and how do I configure asymmetric versus symmetric key encryption, things like that.
Whereas after you got the search, you do that, go back and kind of plug in those holes or those experience gaps. I know when you had emailed me, one of the things you had told me was you had taken some of John Strand’s courses. He’s been a guest on the podcast as well. I know, Kip, you’ve known John for many years.
Kip Boyle:
Yeah.
Jason Dion:
John was really big in a lot of the hands on courses as well. And I think the one you took was the SOC Skills Course, is that right Mike?
Mike Hillman:
Yeah. SOC Course Skills. Yup. That was first thing I did after Security+ because I did a lot of research on what I should do now. I was kind of stuck after Security+. I was like, “Oh okay, now what do I do?” It was just, didn’t know what to do.
But I had that roadmap for myself where I like, three to four months doing that and I had nothing after that besides trying to find a job. But then I realized when I was looking up videos and watching people work with Wireshark or after watching people work with this Splunk or something, I know what this are, I know what they do, but I don’t know my way around them.
Yes. So I found John Strand’s course on YouTube and then I signed on for it on his website and that was amazing. Was a four-day course and I thought if I ever meet that guy, I got to thank him so much. He taught me a lot in those four days.
Jason Dion:
Yeah. John does a great job with his courses. I really like how hands on they are. And then I know he also does kind of a unique thing where he does the Pay What You Can model, I think is what he calls it, right Kip?
Kip Boyle:
Yes. Yup. Yup. Pay What You Can.
Jason Dion:
Yeah. And so his whole goal is he wants to reach as many people as possible and he doesn’t want money to be a barrier of entry. And he came from the world of sales which has awesome courses, but they’re 4, 5, 6, $7,000 for a one week course.
And John didn’t want that kind of thing. He wanted to make sure everybody had access to it and that’s why he started doing all these stuff to begin with. Black Hills, Infosec and the Pay What You Can model with all of his courses. You can go ahead, Mike.
Mike Hillman:
I point up because there are more that price.
Jason Dion:
Oh yeah, yeah. The SANS courses are crazy expensive. Somebody was telling me now I think they’re eight or $9,000. A lot of time I saw them, when I looked at them they were 5,000. And I was surprised to hear now that they’re eight to $9,000.
Because even at 5,000 they were super unaffordable and the only people I ever know who have taken SANS training is when their company pays for it for them because if you’re not employed yet, you can’t really afford that. It’s a super high value of money. They’re great courses, but they’re stupid expensive.
Kip Boyle:
Yeah. Well, and it’s obvious that they’re pivoting to large enterprise, right? That they’re going to dedicate to companies that are willing to pay that amount of money. But then what about the rest of us, right? So yeah, I love what John Strand is doing.
I think his vision for providing affordable high-quality training. I mean, John used to teach for SANS and I used to teach for SANS. It’s great practical material. I think the quality of the training that John’s putting out on these Pay What You Can courses is excellent.
He could easily charge four or $5,000 for what he’s doing if you compare it to what SANS is putting out. So I’m really glad you got a chance to take John’s course, Mike. What did you think of it?
Mike Hillman:
I love that it’s long. You’re right there. You’re talking to him. You can go on Discord, you can ask a question. He answer any question there. I loved every part of it. There’s nothing bad about that.
Kip Boyle:
And are you using what you learned in John’s course in your job?
Mike Hillman:
Yes. A lot of the command line stuff he taught. A couple of tools he uses, I’d get to use on this job, but there’s a lot of stuff that he just says. Everything that he says and does it shows. So helpful.
Kip Boyle:
That’s great.
Mike Hillman:
Yeah, it brought me off my skillset. Within four days, I feel like I was job ready by Friday, just started out on Monday.
Kip Boyle:
That’s amazing. I don’t know if you’ve given John that feedback yet, but if you haven’t, I would find some way to pass him a note and let him know just how important that experience was for you. I’m sure he’d be very happy to hear that.
Mike Hillman:
Yeah, I said to him in Discord, like thanked him for it.
Kip Boyle:
That’s great.
Mike Hillman:
Actually as soon as I started my role now I seen four days before my role started, he had a four-day course going. I think it was cyber deception it was called the course. And I paid and took that. And I just did another course that I evolved in and learned so much from.
Jason Dion:
Yeah. One of the things that I find in the cybersecurity industry is there is so much to learn that you’ll constantly be going back for more courses and more training as you try to level up into different areas.
One of the other things that I heard you say when you were talking about you kind of built your foundation with A+, Net+ Security+, which is what most people do. And those courses are really good at giving you a general baseline knowledge to make sure you have this foundation to build upon.
But it’s not a hands on practical course like when you start taking a Nmap course or a Wireshark course or the SOC Skills Course that John has. And they’re not meant to be, right. They’re meant to just be able to have a common baseline knowledge to hire you.
We know that you have at least this level, and then we can build up on top of that. And I think that’s what what’s great about those type of courses. But the other thing is when you’re doing those, you can burn yourself out if all you’re doing is course after course after course.
So one thing I like to do is I like to build in breaks. So you mentioned you’d done three in three months. I probably would’ve done A+, taken a week off. Done Network+, taken a week off. Got to Security+, taken a week off and then go to the next thing. Right. But give yourself a little breaks as you go.
And as you go throughout your career you want to make sure you hold further yourself down either. So it’s important to build in things like vacations, training time, else during time and all of that so you don’t burn out because as you said, cyber security could be a very stressful job.
Let’s move into the third thing I really wanted talk about, which was your current position. Right. So you were a truck driver, you went and got some basic search, A+, Net+ Security+. Got some hands on training using John stuff and Nathan stuff and being able to get that.
And then you went to go find a job. What kind of a job were you targeting and what kind of feedback were you getting when you were putting in your resume and your application?
Mike Hillman:
I was mostly targeting as SOC analyst position. A lot of what I read said a lot of people said it’s like that’s usually your starter role, that’s what you have to do, that or the help desk position. Everyone starts at tier one help desk.
I wasn’t applying for those though, I was home applying for the SOC analyst shelves. And I was getting interviews, but multiple times this happened to me, I think three times exactly where I got to the second or the final interview and they really liked me, but they said, “We have someone else who has more experience than you. And unfortunate we really need him right now. That’s what we need.”
But they always said, “There’s nothing wrong with you. Nothing that you did or didn’t do, just he has more experience.” And that was the negative part of it. But the positive part, which I recommend other people do is ask a lot of questions when you’re interviewing the hiring manager.
I was asking these guys 100 questions. Like if they asked me a techno question, if I answer it and they said, “Yeah, that’s a good answer.” I was like, “What would you say though? What was your answer? How did you find this?” And I always did that and I think they really appreciate that I did that.
Especially that position I have now, because I think that was one of the main reason they said they eventually hired me.
Kip Boyle:
I love that. What a great technique. Where did you learn that?
Mike Hillman:
I just wanted to take these… I would always get their name and I look them on LinkedIn and I would see that these guys have 20 years of experience. They did all this. I was like, I have to pick this guy’s brain a little bit.
And that’s what I just came up with and decided that’s what I was going to do. I asked some guys 100 questions.
Kip Boyle:
That’s fantastic.
Jason Dion:
I mean, we’re still learning the experience through that interview process as well. And that brings up a really good point. I know a lot of people get discouraged, especially when you’re trying to break in and you don’t have a longer experience and think that, “Hey, it’s never going to happen.” And really it becomes a numbers game.
Yeah. It’s a lot harder to get a job when you don’t have experience because if we have 10 people applying for this position or we interviewed for the position, and eight of them have experience and two of them don’t, we’re probably going to pick one of the eight people who have experience.
Because as a hiring manager, Kip and I can tell you, that we posted a job because we have a problem that we need to solve and you hire somebody who never had experience, they may not be able to solve the problem because they may not have the hands on skills.
Just having your Security+ is not good enough, because as you’ve said, you didn’t really get a lot of experience with those tools besides Security+. But that’s where I think your other experience by going through these other training courses was able to get you past that hum.
And I’m guessing in your current job when you met with those hiring managers, they probably said, “Oh well, we don’t see you have a lot of experience here. How do we know you can do the job?” And probably said, “Well, hey, I did this course with John and I know how to do this tool, that tool.” You speak to those tools because you’ve had some hands on experience with it.
Is that kind of what happened with you of how you’re able to kind of convince these folks to take a chance on you, or how did you work that lack of documented experience?
Mike Hillman:
That’s what it was. They seen all my free time, I was taking the time out. I wasn’t going out all weekends or anything. I was doing this, I wanted this. And they seen that, I really wanted that. They seen all it, but I put on my resume all the courses I did, everything from Udemy to YouTube.
Like I took this hour course on YouTube on Wireshark. I will sneak that on my resume somewhere. And they seen that, they said to my face, “Do you know your way around Wireshark?” I was like, “I do, but I’ve never done it with a purpose.” Or I’d be like, now if I’m doing for work, I’ll say, “I have to figure out something.”
It’s not like if I get an alert, I’m triaging an alert. I have to figure that out. And when I was doing it on the YouTube course I was doing it, but I was like, this is further. It’s like, I don’t know, I can’t figure it out.
And that would actually get to the answers part, but that was what I told them though. I made sure they knew I’m not an expert, not, but I know my way around Wireshark. I know my way around it, but if I was blank or anything like that, I can figure it out. But I would want you guys to watch me do it.
Jason Dion:
Yeah. And I think a couple of things when you’re trying to stand out amongst people who have experience and you don’t have experience, the things you can do is you can get additional training.
And I really like how you’re going after very hands on courses instead of just continuing up the certification ladder. And now you’ve got the job as the SOC analyst, you’ll probably go back and get your last A+ and your PenTest+ like that later on, but for right now you’re really focused on those hands on skills
And by adding those to your resume, we’re also doing something, if you knew this or not, you were also keyword stuffing your resume because when they said, “Hey, do you know how to use Nmap? And you’re like, “Yeah, I took the introduction to Nmap course where I took the SOC analyst course that includes Nmap skills.” Right.
Those words now show up on your resume and will pop up through ATS, which helps get it in front of the hiring manager. So I tell people all the time, if you don’t have experience, it’s not a nonstarter. It just makes your job a little bit harder up getting that first position because everyone is reluctant to make that first hire.
But now in Mike’s position, he’s gotten that first job, he has a couple months under his belt of being a SOC analyst. And in a year or two when he is ready to go for promotion or go to the next job, he’s going to have such a much easier time because he already has that documented experience under his resume.
But being able to get that first job was based on these different courses he took, these different practicing on his own using these tools hands on, so that when he got to an interview, it’s the way he says, “Hey, have you ever used Wireshark before?”
You could say, I haven’t used it professionally, but I’ve done this, this and this in these different courses or competitions or capture the flags or whatever, and that shows experience as well. So it’s another way you can document that experience without having a paid position out of experience. Yeah. But Kip, what do you think about that?
Kip Boyle:
Boy, I tell people all the time just how important it is to get as much hands on experience as you possibly can. And you and I have also told people, we’ve even had as dedicated episode on the podcast where we’ve said don’t over certify yourself. Two or three is pretty much all you need to get that next job.
And so Mike, I just think you just took a wonderful approach there. And I don’t know if you’ve been listening to our podcast or if you listened to our advice or not, but the point is it worked. It made a difference for you and I’m really glad.
Mike Hillman:
Yeah, thank you. Yes, I do listen to the podcast. So I was so exited when you invited me into it.
Kip Boyle:
Yeah, we’re happy to have you here. Really appreciate it.
Mike Hillman:
[inaudible]. I’m sorry, you-
Jason Dion:
Oh, I just said, I think the next big step for Mike is over the next 12 to 18 to 24 months. Okay, continue building his scale, continue building that experience. Now he has documented experience of what he’s done in his position and leverage that into his next position, either at the same company or at a different company.
A couple of other questions for you, Mike. In the position you’re doing now, you got hired on as a SOC analyst or a junior SOC analyst. What was the position title that you were going after for that?
Mike Hillman:
Security analyst one. That’s the name I hold.
Jason Dion:
Awesome. Yeah. So for those listening to the audience, you’ll see these things called different things. Sometimes they’ll call it SOC analyst or junior SOC analyst or senior SOC analyst or something like that. If you’re brand new and have no experience, you want to be aiming for those junior SOC analyst roles.
Or as Mike found, sometimes are called things like security analyst one. And there’s usually level one, two and three based on junior regular and then kind of the professional level that just keep moving up.
And generally that’s less than a year of experience, two to three years of experience and then three, two plus years of experience is kind of how I see them break up those level one, two, and three depending on the organization. In your position, where are you located in the world? Where are you working from?
Mike Hillman:
I’m at Philadelphia.
Jason Dion:
Okay, cool. So you’re actually in a big city. So is your company also located in Philadelphia or is it a remote position?
Mike Hillman:
They’re right across the bridge [inaudible].
Jason Dion:
Okay, cool. Yeah, so they’re really close by. And that’s one of the nice things about being in a big area. I mean, if you were in the middle of Kansas, maybe little harder to find a SOC analyst job, although there are more and more of these days and more and more of them are remote as well.
But yeah, it’s nice if you’re in a big city. I used to live in the D.C., Baltimore area and there was just so much work for SOC analysts down there between government contracts, military and all of the different contractors out there.
And so your being in a location does definitely help. And then for your organization, how large of an organization is your company? Just say if-
Mike Hillman:
I would say it’s business large business. It’s about a medium size business. The exact name, it’s Holman Enterprises. Company Coleman. I’d think it’s not small, but it’s medium size. It’s not giant where I’m overwhelmed with all those emails or all these alerts.
I think it’s a perfect position for me to start. It’s not too small where I’m just getting bored all day or something. It’s just enough where I’m not panicking because I’m overwhelmed with alerts or with fishing new guys or something. I’m trying to figure it on out.
So I would say it’s medium size, to answer question. And can I bring back to when you’re applying for jobs, don’t get bothered on what the requirements of the job are in my opinion. The requirements would say a lot. And for this job, I base it off the requirements, I wasn’t qualified at all.
Jason Dion:
Yeah. So that’s one of the things that Kip and I talk about in our hired course as well is that these listed hiring managers put together the job requirements. This is a wishlist, right? This is like, if I could find the ideal perfect candidate, they would have all these things.
And generally nobody has all those things and even if they did, the person who’s hiring doesn’t want to pay what it would cost to get that person. I’ve seen some of these entry level jobs and they talk about five years of experience, that must have experience with all these different tool sets.
And I’m looking at it going, I have 25 years of experience and I still don’t pay 100% of that. And I’m a really smart guy on this stuff, right. And so what we always say is if you meet 50% of the requirements, go ahead and apply. And when you are brand new and you don’t have all the experience, you kind of have to put out a lot of resumes and apply to a lot then see what sticks.
I think in your story one of the great things was the company you ended up at was a medium size company, which is really useful. Because if you go to a small company, you may have the ability where they’re going to take you in and give you a chance because you’re new and they’re willing to work with you one-on-one.
The challenge with the small company is either there’s not enough work to keep you busy or they’re going to expect you to do everything because there’s not enough single work for you to just be a cyber security analyst. When you get to a medium or a large size company, you usually could focus on being a cyber security analyst, like you are in your position, and you have enough work to do.
But when you start getting into large companies, sometimes they get to be super bureaucratic. And so for the larger companies, if they say, must have two years of experience and they see zero experience, you just automatically get filtered out before a human ever sees it. And so that can be a problem too.
So sometimes I find that especially for those who are trying to break in that medium size company is kind of a sweet spot because you have people who still care, there’s still enough work to do, can afford to have one or two junior folks underneath the wing of somebody who is a little bit more senior to bring you up.
And then you now become the medium guy and then they’ll hire somebody else and you’ll be training them next year as their taking over this entry level role as you keep moving up. So I think that’s a really good point to make, especially for us trying to break in.
Kip Boyle:
And Mike, you just started this job, right? How long have you been doing it?
Mike Hillman:
Yeah, I started August 1st.
Kip Boyle:
Oh, like a month?
Mike Hillman:
I’m feeling really fresh though. Yeah.
Jason Dion:
Yeah. So at this point, as we’re recording this episode it’s been about 45 days that he’s been out of the job. Still loving it. I know you and I started talking about month ago and I know you were enjoying it and the challenges and everything that it was coming up with it.
But yeah, that’s why I wanted to have you on the podcast because I just thought it was really inspiring story to me how you came from, not an IT background, you didn’t go in through the help desk.
You came from driving a truck, you got the certs, you got the hands on training and then you’re able to find a job and you’re able to do that all in a relatively short period of time and be able to get that position and now you’re able to keep up as you go. So I think this is awesome.
Mike Hillman:
Yeah. I was very, very grateful ever since. It happened very quite to me, but happening quick for me, could happen anybody else.
Jason Dion:
Definitely. So yeah, as we’re rounding up the episode, I know you got to get back to work, I’m sure. I just wanted to thank you again for joining us today. And if you have any last words or for any comments for the audience, I’ll pass it to you and then to Kip and then I’ll close this out.
Mike Hillman:
If I were to start this over, this process, I would definitely from day one focus on getting hands on experience, even while I’m doing the certifications. I waited until the certification were over, until I pass them and then I started getting hands on experience.
I would start from day one, just everything you read about in any of the certification books, download that software, download an app or something, work on get better at it every day.
Jason Dion:
Yeah, I totally agree with that. In fact, as I’ve been redoing all of my courses, I’m currently filming a A+ 1101 and 1102 for part one and part two. And one of the things we are doing is really a lot of hands on demonstrations.
We’re walking people through how do you use the tools. And not because it’s covered on the exam. For instance, one of the objectives is identify the different components inside of the Windows control panel.
To do that, I could have just had a video that said, “Okay, this is what this component is, here’s its purpose, here’s where it is and move on.” But instead, we’ve actually spent five to 10 to 15 minutes at each of those tools, showing you how to use it, how do you set the settings, how do you configure it, how do you use these things?
And as we go into our cyber security courses, we do the same thing with, here’s how you use Nmap, here’s how you use Wireshark. Now in my courses, I definitely preface that with, you don’t need to know this for the exam, but you need to know this to be a cyber security analyst
So it’s still important. And so I think that’s a great point of getting hands on however you can and it doesn’t have to be some big expensive course, like a $9,000 SANS course.
It can be a Pay What You Can SOC analyst course that John Strand has at his website, or going over to Station X where he’s got a panel of all these different Amazon courses you could buy as a monthly subscription. And it doesn’t have to be expensive to get access to this great content that can really help you out. Kip.
Kip Boyle:
Mike, I really want to thank you for being here today. Your story is inspirational. I imagine people are going to really get energized by listening to what you’ve done. Congratulations. I’m really happy for you.
Mike Hillman:
I really hope people will see this and really believe that they can do it. Thanks for having me guys. Thanks a lot.
Jason Dion:
Definitely. And yeah, I want to thank everybody in the audience again for listening to another episode of Your Cyber Path. I want to thank Mike for joining us and telling us his story as you went from truck driver to cybersecurity analyst. And as we close up this episode, if you enjoyed this show, I really appreciate it if you can go over to Apple Podcast and leave a review for us.
We have a couple of reviews that just came in that I wanted to thank, Mesa and Nova for leading five star reviews. They found the podcast very helpful and they thought it was a great podcast that gives a lot of great information to help you break into or exceed inside the cybersecurity industry.
And your reviews, help other people discover this podcast and spread this brand and spread this awareness so we can help everybody else who wants to make this transition into this cybersecurity field. So please take a moment, hit that review button and just let us know how you’re doing.
Leave a comment and we’ll shout you out on our future episodes as well. That being said, thanks for joining us for another episode and we’ll see you next time.
Kip Boyle:
See you next time everybody.
YOUR HOST:
Kip Boyle serves as virtual chief information security officer for many customers, including a professional sports team and fast-growing FinTech and AdTech companies. Over the years, Kip has built teams by interviewing hundreds of cybersecurity professionals. And now, he’s sharing his insider’s perspective with you!
YOUR CO-HOST:
Jason Dion is the lead instructor at Dion Training Solutions. Jason has been the Director of a Network and Security Operations Center and an Information Systems Officer for large organizations around the globe. He is an experienced hiring manager in the government and defense sectors.
Don’t forget to sign up for our weekly Mentor Notes so you can break into the cybersecurity industry faster!