Wednesday Sep 07, 2022

Convocourses Podcast: Cybersecurity to Study in 2021 SCA Resume

http://convocourses.com

 

Hey, happy new year, everybody. This is a podcast for Convocourses, and today we're gonna be talking about, we got a few questions that have been asked of me. I've got a resume to go through. And I wanna talk to you guys about 2021 and what I'm gonna be studying this year as a focus for, like, certifications or just sharpening my skill, and some things that I would recommend that you look at too.

Cause I think it's looking forward five years ahead, what I think is gonna happen as far as our industry is concerned, cyber security or data analysis and things like that. And so let's get started. So the first thing I wanna talk to you guys about is some of the things that I'm gonna study in 2021, the things that I think are gonna be relevant going forward in the future.

And let me just switch my screen here to show you. The very first thing that I wanna show you is blockchain technology. This is something I think that's gonna be more and more relevant. If you've been watching the news, you've been seeing cryptocurrency going off the rails lately. And a lot of this technology, the money, is based on blockchain.

And I don't think that this technology's going away. It has all the hallmarks of what I saw with cloud computing many years ago, and everybody kept talking about it and it just kept coming up over and over again. It's really the same trends I'm seeing, where all these gigantic companies and all these giant organizations are really dipping their toe in blockchain technology. And very quickly, what it is, basically, it's a digital ledger.

It's a distributed digital ledger that allows you to, essentially, you don't have to have a middleman. It allows you to not have a middleman, because normally, with a bank, for example, a bank is a middleman to your money. Your money is there.

You have to go to the bank to get your money, but with a digital ledger, basically, essentially your money is out there on the web and distributed. It's all over the place, it's distributed and encrypted so that you can access it. And it's secure. It allows you to be anonymous, and it validates it so that people can't say that they didn't make a payment or didn't get a payment.

It's immutable. That's what that means. So the technology is emerging slowly but surely, and not just cryptocurrency by the way, but also for things like logistics. And even voting can be done with the blockchain. Many other things that we use every day can be used with blockchain technology.

And so that's why I'm gonna be studying more on this, the actual technology behind it, as opposed to just cryptocurrency for the sake of making money and investments and things. That's a whole separate issue. Blockchain itself does much more than just money. And another thing that you should know about blockchain technology is that, let me see, Oracle is starting to use it.

Walmart is starting to use it, and many different other organizations and governments are starting to dip their toe in this technology. And it looks a lot like what cloud technology was looking like about 10 years ago. All right. Another thing I'm gonna be studying very heavily is cyber threat intelligence.

This is becoming much more important to anybody who does cyber security, and what this is from a high level is, if you have a customer or if you're in an organization, either one, and you're protecting someone's assets, their laptops, their servers, their information, their personnel, you're protecting their assets.

Cyber threat intelligence is where you do recon to see if anyone is looking into trying to break into those assets. And one of the ways that you could do it is to have a cyber threat intelligence system that goes out and checks the dark web, checks the internet to see who's talking about your organization.

Does anybody have the IPs of your organization, or is anybody scanning your organization? So you're looking for where people are trying to get into your organization. You're doing preemptive checks to see if there's anyone trying to get into your systems.

This is gonna be really more and more important as technology becomes even more important in all of our lives. If you looked at the recent gigantic hacks that are going on, state sponsored hacks are happening. And one of the ways to have some kind of defense against the state funded, state sponsored actors is to actually do cyber threat intelligence.

See if anybody has been casing the joint, scanning your network, and see if you have any vulnerabilities out there. So cyber threat intelligence is something I'm gonna really dive into this year, and that's gonna start off with things like ethical hacking, and then I'm gonna get into cyber threat intelligence, cuz you gotta know a little bit about ethical hacking and stuff to actually have a deeper understanding of what threat intelligence is.

And another thing I'm gonna dive into this year, and I've put it off way too long, is cloud computing technology. And this is something I talk about a lot on this channel, and it is just getting more and more important. Like, it's not going away. It's really become a centerpiece of all of our lives, whether you know it or not.

If you watch Netflix, if you use Gmail, if you use Hotmail, whatever you use, most of these gigantic technologies are using cloud technologies on the back end. So it's just becoming more and more important. And me as a cyber security person, I need to have a deeper understanding of what that is all about.

So those are the things that I'm gonna study this year for 2021, and possibly get certifications in some of these technologies. And actually, two of those things on that list that I just mentioned to you have become a requirement for the job that I work at, that I have to actually get a certification in 'em.

So this is something that I'm definitely gonna do. And I think those three things are gonna become more and more important in the next five to 10 years. All right. Let me see if I got anything else. I see a few people watching me. If you guys have any questions, let me know.

I'll give you guys time here. If anybody wants to chime in, I've got a few people who've asked me questions and a few people who've asked me to actually look at their resume. So I'm gonna actually do that. Let me see if I can find a good one to look at here. The first one I'm gonna look at, I changed the names, just so you know, changed the names and the addresses and everything on there.

So there's no need to worry about that. I'm gonna look at this resume right here. And what I like to do is I will put my suggestions in there. Sometimes the resumes are so good, I don't really have much to say about it, but it's just like little tweaks and stuff of what I've done on my own personal resume to give them some extra juice, some Google juice on that resume. And my mindset is that I market myself.

And so I encourage anybody, any of my students, anybody who follows me to do the same thing, you gotta market yourself. It's very important in this day and age, there's just so many people. And there's so many competitors out there for you. There's so many other eyeballs on other different resumes that you gotta put yourself.

You gotta set yourself apart by advertising yourself, marketing yourself. Okay. So this is coming from Mike, and he's in the DMV area, and he is a senior assessment and authorization engineer. Okay. All right. I've never heard that title before, but that's good. Just one suggestion I would make here is, if you're looking for a different job, one of the things that I do is I put a more common name out there.

So this to me sounds like it's, and I could be wrong here, but one of the things that he could do is say he's a security, and I'm gonna read through the resume, this might change. I would suggest, I'll just say suggestion is to have the title of this be a security control assessor. And the reason why I would say that is because the security control assessor is a more common name for this type of work.

But then, this might be something I'm not familiar with, authorization engineer, but it is just not something I've heard people use in my industry. So that's why I would recommend they do this. Now, this is good. They put active top secret clearance. That's really, that's excellent.

You definitely wanna put any kind of clearances that you have here, up top, because that's a very marketable thing to have. That immediately eliminates 80% of the people who are gonna compete against you. So that's a very good thing to put on a resume. Let me see, I'm gonna read the top part of this qualification profile.

This is pretty good to have, like whenever you're marketing yourself, because places like LinkedIn will have an area where you can put stuff like this, but what I normally do is I take advantage of it by putting as many keywords as possible inside of this profile. You don't want it to just be flowery and sound good.

You want it to hit 'em right in their teeth. You know what I mean? You want to grab their attention immediately with a bunch of keywords. So they said concept to execution focus, systematic profe. I would not put any of this stuff in here. Okay. I'm just gonna suggest some things here.

I'm just gonna suggest some stuff. Now, what I'll do is I'll read through the resume, I'll come back and fix this up, but it's just way too flowery for me. If I was reading this, I would just skip right by it, cuz I want to know what they can do. Core competencies.

These are good. But another thing that I do personally is I take this and I put it at the end, any kind of listing stuff like that. I put it at the end.

Cuz it will get picked up by the search engines. That's the reason why I do it. But when I'm reading through it, I want to very quickly know what their education is, cuz that's normally a show stopper, or it gets the show on the road if they know, okay, this guy has a bachelor's degree.

That's one of the requirements. He has a CISM certification. That's one of our requirements. So you wanna very quickly have all the main things up here. Now, this dude's actually got a great resume here. He's got a great set of skills. So another thing I do is I would put your top certification right up top, like this CISM, I would say, is his top certification.

I would say I would put it right up here. Not trying to brag or anything, but I am a CISM. And maybe you put the number in there, cuz this is gonna be guaranteed a requirement. This certification right here can replace things like CISSP and some other large, sorry, high level security certifications that he has.

And then the CASP is also a really good one. But I think the CISM is better, is a higher level. More people know about the CISM, I should say. Okay. So he's got an ethical hacker certification. That's also a good one. That's another one you might wanna put up here as well.

That's a very marketable certification. A lot of pen testers and hackers really look down upon the CEH, but I'm telling you it's very marketable, cuz the government and the corporations have not gotten the memo on how bad this certification is. So it's still very marketable.

Yeah, I would put that on top. Let's see, Security+. Okay. And some other stuff. All right. Let's keep going here. Scott. Cyber security professionals, Maryland. Oh, okay. Affiliation. I'll put this at the bottom. We wanna get to the meat. The meat is the actual experience. So I'm gonna take this, I'm gonna put this at the bottom.

This is a great resume, by the way. At this point, all I'm doing is putting my own suggestions in here, which he can take with a grain of salt. He could leave it just how it is and it would still be fine, cuz he's got so much good stuff in here. The only thing I would highly recommend changing is this right here.

Cause you want this to have impact. And this to me, expert at administering desktop printers, this is not a good impact. This is not tip in my mind. If I was reading this and I was trying to hire this guy, I'd be like, eh, whatever, next. I'm not trying to be mean or anything, but just keeping it real with you guys so that you guys don't do the same kind of stuff on your resume.

No flowers, just straight facts, keywords, stuff like that. Okay. Let's see. So job was at Kforce to current. All right. Top secret clearance. Let's see, ACAS, Splunk. Okay. This is actually really good stuff. Support all activities as outlined in NIST 800-37, 137. Okay. All right. Not seeing a lot of impact.

But I'm seeing lots of great keywords, so that's good. Support all outlined in. Okay. Review and analyze A&A, assessment and authorization. Security controls, NIST overlays. Experience using, administration of EAs. Okay. So this guy, it sounds like he's like an ISSO, but I'm not really sure, cuz he names himself as a senior assessment authorization engineer.

That sounds like an ISSO. So another suggestion I would make is to possibly use ISSO, information system security officer.

And then I'll just tell 'em here. What I'm trying to get at is, senior assessment and authorization engineer is an uncommon title. That's all I'm trying to say. So you wanna use a common title. If you're gonna put a title up here, it should be a title that people know about.

And that also fuels your Google juice, your keywords. And the reason why I emphasize it on my courses, and whenever I do these resume suggestions, these are my suggestions. I'm sure other people have way better ideas than me, but these are just my suggestions.

The reason why I focus so much on keywords is because that's really what a lot of employers and technical recruiters use, keywords. Technical recruiters and the HR department who's looking for jobs and stuff, typically they're not a technical person in your field. Every now and then an organization has the resources to cut some technical guys loose and say, hey, go look through all these resumes and screen some people and have 'em come in.

But typically what happens is your resources is your guys on the ground. You need them to actually do work. You don't want them to go looking through a hundred resumes. You want them to be working on cloud stuff. You want them to be analyzing data. You want them to be doing their job.

So that's why what organizations do is they have people who are, not low level workers, it's not the right term, but HR, a screener from a third party organization, a third party company. They say, okay, look, here's our requirements. Please look through these hundreds and hundreds of different resumes and see if you can find us some good picks. We gotta make sure that they have us and CISM.

They have to be an information system security officer. And see, the thing is, when they say we want a system security officer, they're not gonna know what a senior assessment and authorization engineer is. Does that make sense? So you wanna use the same language that people are using, if everybody is using cyber security.

The thing is, I've been through a few iterations of this. So first iteration, when I went into security, everybody called it information assurance. Like, if you were doing risk management framework, if you were doing certification and accreditation, that's what they called it. We were called either certification and accreditation engineers, or we were called information assurance officers. It's just odd, that was like, information assurance.

What is that? What they meant was security. You're a security guy who does paperwork, essentially. You're a compliance guy, that would make more sense. But then it evolved from information assurance to, what did they start calling it? It was information system security, then information assurance, and then they started calling it cyber security, cyber security engineer.

And now the DoD, I think they are calling it like cyber surety or something like that. They keep changing the terminology, but you wanna keep up with the terminology people are using in this industry. So that way you know what words to use for those HR guys or those screeners who are looking through all these resumes.

And they're looking for that one keyword. They don't know what an information system security officer is. All they know is that the employer said, hey, we want an information system, an ISSO, make sure you get this person. And so you gotta use those keywords. Okay. I'm gonna get off my soapbox here and I'm gonna continue going through some of these.

Yeah. Tony, I see your message here. Let me just finish getting through this resume. This resume does not look bad, by the way. I've seen some really bad resumes. If you've been watching these for a while, I've been through a couple that were really bad. This one's actually pretty good.

It's got great keywords. I'd be really surprised if this doesn't get tons of offers. My only change would be to change this right here. This is just too much fluff. Just get to the what. Okay. Let me just give you an example of what I would write here.

What I would do is I would say something like, cuz this guy has so much awesome skills. Let me just read through what he's done before. Let me see. Analyze vulnerability data, multiple sources, using ACAS and Splunk. Okay. Here's what I would do.

I don't know how many years of experience this person has, but I would start off with my years of experience. I would say, it looks like he has years of experience as a security analyst. Good Lord. Jesus. Why? What are you doing here? I'm sorry guys. I'm just a little frustrated.

Okay. I would say X years of cyber security analyst work using tools such as Splunk, Nessus. I don't know how to spell Nessus, so he is gonna do a spell check, Nessus.

He said ACAS, that's Nessus. You wanna use Nessus, that's a real good tool to have. And let's see, EMA wait and a grasp of

No, not grasp, but we wanna emphasize how much skills this guy has. Cybersecurity analyst work using tools such as, eight years of experience or whatever years, experience analyst work, using tools such as Splunk, okay. And here we go. We'll say, and Nessus, with solid experience implementing risk management framework.

And we want to get that keyword in there. RMF, I'm gonna say NIST 800, also key phrases. With solid. Okay. Yeah. See, I would start off, I want to hit 'em right in their mouth. When they see my resume, they're gonna stop reading all other resumes when I'm done. That's your goal.

You want them to stop on your resume and not read another resume. Okay. This dude got so much experience, like, why is he saying all this fluff? Oh my God. Okay. So yeah, I would just hit 'em right in their mouth. Okay. Then he wants to say, I have an active security clearance. Now you might be thinking, Bruce, why are you saying clearance over?

He says it here already. Because we're using a different keyword. So up here, he said active top secret clearance. Right here, we're saying active security clearance. There's a difference. And we gotta spell it, by the way. There's a difference because it's a different keyword. So somebody's looking for security clearance, and they want you to have a secret clearance instead of top secret clearance.

They'll still see that you have a clearance, period. They'll be looking for a secret clearance, and they find a guy with an active top secret clearance. You know what I mean? So we wanna make the net as broad as possible. This dude's got so much incredible experience that there's a lot to choose from here.

I would put something like this in here. Okay. Watch this. So we wanna put more about his information security officer experience. So we wanna put ISSO with years of experience.

See how I can't spell. See, it's very important to do a spell check. All right. Experience. ISSO with years of experience getting authorization to operate for multiple information systems.

So I got a bunch of keywords in here. I got cybersecurity analyst. That's a keyword, key phrase. We got Splunk. We got Nessus, we've got risk management framework. We've got NIST 800. We've got ATO. We just want to hit all the buttons. We don't want fluff. Oh, bilingual. This is a good one too.

This is really good. And oh, by the way, I'm bilingual. Yeah. Super powerful. Bilingual opens up a ton more jobs for you. If you know more than one language, any language, it's gonna open up other jobs for you. So that's just something to keep in mind. All right. So that's it with that one. I hope that's helpful to whoever's watching this. The idea behind this is to get yourself in line with the market.

That's the whole thing. And you need to do that. You need to tell people who you are. You gotta show people, hey, here I am. That's what marketing is all about. So you wanna market yourself. That's my whole thought process. Okay. Tony says, Hey bro, I have about seven years of compliance experience and I'm bored to say the least.

I want to move into security engineering and architect roles. How do you suggest I proceed? Wow. Tony, I had the same experience. I had been doing it for, I don't know, 12 years or something, and I just got so bored with it. It wasn't a challenge anymore for me. And I know that sounds ridiculous if you're getting paid and you got a secure job, but you need some kind of a stimulation. I got into it cuz I love technology. And so I was doing this for like years and years, compliance, and I found myself losing my technical, cuz I had technical skills and I started losing that because all I was doing was compliance stuff.

So I know how you feel. So what I did was, I just jumped off a cliff, man. And I don't recommend this to anybody, but this is what I did. I took a job doing something that I was really excited about. I was in between jobs and I was looking for another position, and somebody had a job overseas to do.

It was risk management framework. I applied for that, and I applied for another position they had for a system security analyst. I applied for the system security analyst and I kind of read about it. And it was talking about using SIEMs and talked about using tools like McAfee ePO and IDSs and IPSs.

And I was excited. I'm like, oh man, this is so cool. Some of the stuff I never even touched before. So I was really wanting to get into it. So what I did was I applied for that job, as well as the risk management framework. I was fully expecting them to look at my resume for risk management and be like, okay, this is our risk management guy.

They didn't do that. They chose me for cyber security. They looked at all of my old technical skills and they were like, okay, this guy right here, we really need somebody to do this work for cyber security analyst work. And they picked me up as, like, a junior cybersecurity analyst where I was learning. I wasn't like the main guy on the floor doing everything.

I was like one of the people learning different technologies and actually staring at a monitor, looking at the data coming in and out of a network and analyzing. They taught me ArcSight, which is a SIEM kind of like Splunk, a little bit of Splunk. They taught us all these different tools, man.

I had a blast, I learned so much stuff, but I had to learn like I was fresh outta college. Had to swallow my pride, which I have no problem with, but I know that some older guys, especially if you've been in it for cyber security or IT for a while, some of us, we've seen war zones and stuff, so it's like, why is this kid telling me what to do? But I didn't feel that way. I was like a kid. I was like a little kid learning, like a wide-eyed little kid. Oh yeah. Really getting into it. And then my work ethic kicked in and I learned everything I could. I absorbed as much information, like a sponge.

And so that's what you could do. You don't have to go to another country or anything like I did, jump off a cliff or anything, but what you could do is just apply for a junior level security engineering and architect role to get your beak wet, to get started. But keep in mind, if you have seven years experience, you can't come in the door with the chip on your shoulder. Oh yeah.

I already know that, I've done it for 15 years, and throw your weight around. No, you gotta be like a little kid. And that's what I love about it, is that I'm learning so many things. Like right now, if I went to a firewall role, even though I've touched them before, I know how they work and stuff, I don't know how to configure a firewall. I can't do that from scratch.

Somebody would have to sit down and teach me from the ground up. Now, I'd learn very quickly, cuz I have all this experience and all these other tools and stuff, but I'd have to be open minded and learn what they're teaching me and not come in there.

Like I know everything, and not knowing. I have to come in there like I'm an intern fresh outta college and I'm willing to learn from this peer, this person who's more than likely younger than me. So yeah, that's what I would do, Tony. I know how you feel. I felt the same thing many years ago. That path right there, in terms of my career, was a great move, because now I have so many other doors and opportunities that have opened up over the years. And because I have this plethora of different experience that I can pick from, I'm now a consultant. I can consult on all these different things.

I've touched so many different technologies before, and I don't have to actually be an expert on each one, but I know the concept so well that I'm able to say, okay, I know how this works with this. And I can look at data and say, okay, this is what I'm seeing here. But yeah, that's what I would do if I was you, Tony, and actually that's what I did in the past.

And I know how you feel. All right. I got some other questions here that some folks have contacted me about, and I'm gonna answer them. So let me show you guys what I'm seeing here. So I've got a question from my man, Solomon H, and he says, I received a contingent offer for, wait, for security control assessor position.

And I'm in the process of getting my clearance. I don't have a background in risk management framework or any cyber security compliance. What advice can you give me? I'm relatively new in cyber security and only have one to two years experience as a system administrator. I know that my job will focus on security and privacy controls.

As I look over the NIST 800-53 documentation. I've enrolled in your course so I can better understand an overview of how risk management framework works. Is there anything else that you can help me with or give me any kind of guidance? Yeah, actually I really can help with this.

I would say that, if you happen to be watching this, Solomon, as a system administrator, if you guys out there are system administrators, you should know, and especially if you're trying to go into cyber security, you should know that actually you have many years of security experience.

So if you have set up a server before and had to put the patches on that server, that's security experience. If you've ever had to do some documentation on the system that you set up, where you had to draw out a diagram, put that together and shop that around to the rest of the guys on the staff, that's cyber security.

All of these different things are a taste of cyber security. If you've ever had to help the compliance guys out, and those guys contact you and say, hey, could you give me a blurb or some documentation about what this security feature of the system is?

Guess what, you've actually assisted with cyber security compliance. If you've ever put secured software on the system, you put the software on there and then you had to update it, that's also cyber security, cuz you're updating the patches that could have been exploited by a threat actor. So if you've ever put signatures on a system for anti-virus, that's also cyber security. If you've ever hardened a system, like, okay, let's say that there is a password protection on there, but it doesn't have upper and lowercase and it doesn't have password complexity, but you had to go on the back end of the server and ensure that the whole organization is enforcing password complexity or enforcing multifactor authentication or enforcing audit logs to be enabled for anybody who's had failed login attempts or anything.

All of those things, if you are a system administrator, are things that you should put on your resume as a cyber security person, cuz you have done cyber security. In fact, I would argue you have done more cyber security than some who are, quote unquote, in cybersecurity who have not done any technical stuff.

And all they do is policy. You've done more than them, because you're now able to go deep in policy and deep in the technical side. Your skills are very much needed in this field. Now, you said that you're going into security control assessments. So this is security control assessors, from my interactions with them and having done this myself.

You need a team of people who can assess different aspects of an organization's systems. What I mean by that is you're not just looking at documentation. You're not just looking at their security policy and saying, okay, looks like you guys have a policy in place, and it's been updated on this and that date.

You're not just doing that. You're also ensuring that the organization is complying with their own security policies. And that means that you have to do things like run scans. So you might have to polish up on your ability to run a Nessus scan or a, I don't know, name a scanner.

And you might have to know a little bit more about that, but I'm sure you'll pick that up pretty fast being a system administrator. So that's one thing. Yeah, learning the NIST 800-37, I would say, is another place to look. But if you're taking my course, that's gonna really touch on what you need to know for NIST 800-53 and NIST 800-37.

It's gonna really touch on those things.  And there's perspective of an information system, security officer. That course is actually really good for  for se, especially if you're new to that work.    Yeah, I hope  that helps.  That's a little bit of guidance for you if you're taking the course.

 If you happen to see  this  this video, Sawman any questions you have whatsoever, I actually are currently doing assessments for different organizations, so  I can help you out with that. Okay. I've got another question here. And somebody said    oh  wait.  Spade says  do you offer any mentoring  opportunities?

 Can you remind us of how.  we could work with you concerning career guidance and resumes if possible. Yes.  So spades, I get this questions like weekly now.  I do not do mentoring because I have a full time job and I really enjoy what I'm doing with teaching online, or I really am getting into it.

 I'm starting to meet other people. I'm learning stuff  from other instructors. I'm really excited about it. So I wanna spend my time doing that. But  what I can do if you're interested is I've got a bunch of courses. Let me just    show you what I'm talking about here. I've got a bunch of courses that you can sign up for.

Some of this stuff is actually free. So what I do is  I put out a course and I give a portion.  a portion of it free, and some are just completely free. Some from scratch. If you're learning this from the beginning and you want to get into cyber security, then this is a free course for you to shows you what to actually focus on.

It's six hours long, by the way. It's not, it didn't start off free, but I felt like it's time to help more people out that really need it to get into this market. I've got something on resume marketing, like how I have been able to have a job since I got outta the military. I've got so many opportunities all the time because of this method that I use, some of which I teach for free on YouTube, by the way, some of the stuff I tell you guys is in this course, but it's a breakdown.

Let me just show you how extensive this is, this  many hours of content and shows you, and you can use it as a reference. You don't have to go through line by line on all this stuff, but  shows you what I do to.  Have so much success in my career  and continuously have offers from all different kinds of organizations and different industries related to cybersecurity.

And then I've got  a walkthrough of the risk management framework process from the perspective of an information system, security officer. I've got a deeper dive into that, of how to actually do the documentation piece and downloadable templates that you can use. And I'm sharing essentially my experience in this field so that you're not lost and you know where to go and how to upgrade yourself and how to make more income.

 Let's keep it real.  This is about taking care of your family and taking care of your being, having some stability, financial stability. I'm talking about how I've been able to secure  my life and my family using this career field. So that's what I'm talking about in there. And tons of it's free.

So you should, at least you should sign up. Check out the free stuff. If you like it. Now, if you do sign up, I do answer any of your questions. I'm gonna set up communities there. There's lots more to come in 2021, 2022, 2023, plan to be around for a long time and offering as much help as possible for people.

My wife's calling me. Sorry, let me  just turn that off real quick.   Okay. So yeah.  So yeah, I do not do mentoring just yet. Maybe I have a full time job. I love my job. I love, I know that's a weird thing to say, but I'm really having fun, like learning different things. And my, when I'm at work, I'm like really at work  I don't have time to do anything else.

I'm  really doing stuff. And  I'm doing, I'm just learning so much.  I do have a discord channel if you have, if. Anytime you want to question have que, especially if you happen to be a member of the site, if you happen to be a paying member of the site, I'm gonna go outta my way to help you out  in, in very deep ways    stuff that I, we wouldn't be able to share on here, obviously      if it's more personal or if it's more  related to specific things at your job, then of course I'm not gonna make a video about that.

 So  that's the kind of stuff that I do offer, and those are things that I can do on the weekends, like when I'm off work and things like that,  and  there might be a time when I'm on lunch or something, or just after work or whatever, I'm on, I'm off that day and I can call and we can have  a  I've talked to my students before on the phone, like we're just back and forth talking about stuff that's tailored  to their  life.

But as far as mentoring on a regular basis, I would take it extremely seriously. And I just, I'm not ready. I don't have the time and the day to, to dedicate to that.  To that.  So yeah, so that's where we're at with that.  Let me see  thank you guys for watching. Appreciate everybody. I got another question that someone asked me.

They said, let me switch this screen here so you can see what I'm seeing. They said, hello, Bruce. I'm interested in becoming an information system security officer and was interested in your course and what guidance you can provide on what courses on your site I should start with. I was using Darril Gibson, but, I think he's a real popular Security+ trainer, but I know the 501 expires on July 21st, 2021.

What books should I get for the risk management framework for the CAP? Okay. So first of all, I am developing a CAP course. But that's not gonna be out for a while. Now, if you wanna know what book that I would use right now for the CAP course, I can share that with you. I'm gonna bring that up real quick.

The one that I think is a really good one, it's not cheap. And it's so expensive. I wanna apologize for how expensive it is, but there's no real alternatives to this book that I've seen. There's, there's just not a lot on the CAP, and that's why a lot of people follow me, cuz there's, that's not a lot of people talking about risk management framework.

And this is one of the few books that, that are out there that I think are worth your time. I have this book and it's, and I'm reading through it and it's really good. As far as taking the CAP, it's really good. I don't believe it's super practical. But I think it's a good book for the actual test.

When I say practical, there's a difference between, if you're an IT guy, there's a difference between actually taking the test. There's a difference between taking the test and doing the work. And they're just two separate things. So that book right there is really good for the official guide to the CAP.

 Common body of knowledge is a good book for taking the test.  Cuz they're hitting all the objectives line by line, they're hitting objectives. So that's what you want in a good certification book.  Objectives, if you didn't know, typically. What certifications I used to teach certifications.  So  what certifications do is  they have different domains, right?

Each domain has a different category, a broad category, like for example, CISSP has, I don't know, seven categories. I don't know if this has changed. I took it a long time ago, so I apologize for my ignorance in advance. Yeah. And I'm a CISSP, but the, it has, say, crypto, crypto, cryptography domain.

And it has another one  that's related to security compliance.  Let's just use those as examples. So the cryptography one is gonna have different objectives that it's gonna hit. Like it's gonna have different things that they expect you to know.  And those objectives will be different.

From  the security compliance domain, which will have its own objectives that go deeper into the details of the concepts behind that domain. And when you take the test, what they do is they stick to those objectives. So if you know the objectives very well, you should be able to pass the test. And if you don't pass the test, you should be able to take it the second time and pass it.

So yeah, that's a good book. And, and what was your other question, part of your question? That's the book that I would recommend for the CAP, and then you said, was interested in your course and guidance. Okay. So for the course, for my course, I would recommend, if you're trying to get, become an ISSO, the book is not gonna be enough to become an ISSO.

And this is the reason why I did, I started doing this online stuff is because. Nobody's really teaching this.  It's just, I guess  if you pay 3000 to somebody come out to your job and actually show you that way. Yeah. But no, there's just not a lot of courses that tell you, give your practical guidance on this stuff.

If you are going into it for the first time, I would highly recommend risk management framework, information security officer foundations, which tells you what you need to know. For the course. Not for CAP, it's not focused on CAP, but for the actual work, for ISSO work. So if you want a free preview to see if this is worth your time, worth your money, then just go ahead and log in.

And this first part is free. So there you go. And then there's just lots and lots of stuff on each one of the categories of the risk management framework process. So yeah, it's good for somebody who's just starting out who wants to learn this for the first time and maybe you're an IT person, but you're trying to get into risk management, but you are like, man, this, I'm reading through the NIST 800-37.

It just doesn't make any sense. I'm speaking to you in plain English and translating. By the time you're done with the course, when you read through 800-53, when you read through risk management framework, 800-37, you're gonna understand what they're saying. They just use a certain language that is just very cumbersome.

  I, myself, after years of this have to reread, sometimes I gotta read it over and over again. Cuz the language is not, they're not using every day speak like we're talking right now.  It's just, they use all this different, these different words that you don't normally see. And so you're having to reread it.

yeah. Okay.  Answered those two questions and I got a few people talking to me. Let me see, let me read a few of those and somebody's messaging me. Let me just make sure that this is not something important real quick. Okay. All right. So it looks like I'm gonna have to end this session pretty soon.  I got a honey do list to attend to.

Okay. I'm gonna read through these as fast as I can. As fast as my dyslexic brain can allow me to process this information.  okay. Says  spade says  I'm maybe five months into my first industry position  as a  tier one. Oh yeah. Tier one security operation center analyst. I guess I'm not exactly entry level, but I'm looking to make more, some more money.

Yeah, I would. So one of the things that I did, looking for a junior security analyst role. Oh, okay. So one of the things that I did that immediately made me more valuable and is, there's certain certifications. Now, one of my courses actually talks about this, but I can mention a couple right now, the certain certifications that lend themselves to making more money, like just off the top of my head, a CISSP certification.

And then there's certain skills, certain skills. Actually let me name a couple other certifications. Any kind of professional level certification is going to get you more money. CISSP, the CASP, CISM, CISA, CCNP. Those are professional level certifications. Entry level security certifications would be like Security+ and there's a few other ones, but, okay, so those are certifications.

And then for skills, if you're in a SOC, that would be SIEM, if, Splunk, if, ArcSight's not as hot anymore, but Splunk is super hot. If, some of the IDSs and IPSs, if you're deep in the firewalls, if you can configure them, hot, if you're, Palo Alto's a hot one.

But if you're, it's security analyst work, so you're looking at more stuff that's looking at logs. McAfee products, Nessus is a good one. But the top ones right now, still on fire, would be Splunk. Yeah, Splunk. And then another hot one, like it's getting more hot, I would say, would be cyber security.

 Cyber security, threat intelligence stuff is getting pretty hot.  Cloud computing. If you know that one, like more and more organizations are using it. So they need people who know some of the vulnerabilities of cloud technology.  What kind of gotchas that organizations fall into is another good thing to know.

So those skill sets are immediately get you in another bracket of pay.  I have to warn you though. Once you get to another bracket of pay, you gotta deal with the IRS, but that's a whole nother conversation. Okay. JJ says  I got hit up for a cyber security risk management framework engineer, long term remote W2 contract position.

I have no experience with the risk management framework. I'm guessing I got hit up because of my cyber security experience, clearance tips, and tricks. Do I have any tips and tricks for this?  You okay. Do you said I have no risk management framework. Okay. So if you ha don't have any experience in it  yeah, that's gonna be, I  if you want the job  I would talk to 'em about  taking you on as a, as somebody who's learning it.

Just be honest with them and say, no, I don't have experience with this, but I do have risk, I do have cybersecurity knowledge and I have read through the risk management framework, 800-53, I've read through 800-37. I'm familiar with it. I've worked with compliance officers before, I've worked with information system security officers before, I've worked with security assessors before, whichever one of those is true for you.

If none of 'em are true, of course don't say that, but, if you, so the thing is, if you have experience from cyber security, you have an advantage in that the basic concept of security, which is to protect the CIA, protect the confidentiality, integrity, and availability. You can just tell them you have a very strong foundation, explain to them that you have a very strong foundation in your respective cyber security role, and then build from there.

So if you have a solid skill set in cyber security, even if you're a system administrator, just what you need to do is dig into your archives of all the times you've done. Implementation of security features on a system. I guarantee you have a solid set of skills, right? So with those skills, you wanna tell them, Hey, I know how to secure systems.

I know what to look for. And by the way, I know the risk management framework process. I've not done it before, but I know it. Now, if you don't know it, go learn it. I have a course that you can go through, check that out, that you can add. To be honest with you, you can probably just Google it and read through the risk management framework, 800-37.

I would highly recommend my course because I'm telling you exactly what you're gonna see and what they're gonna say to you and what they're expecting.    And I'd be willing to help you out. So just keep those kind of things in mind, tips and tricks. Number one. Build on what you already know as a cyber security person  confidentiality, integrity, availability, you've secured systems of before, more than likely you've worked with assessors and auditors before, more than likely you've worked with compliance people before you've done documentation before you wanna highlight all of those skills that you already have, and then tell 'em Hey, another  tip is to learn the risk management framework process.

Learn it by my course. Go ahead and learn, read through it.  Watch all the videos. You'll get a solid understanding of what the foundations of risk management framework are. Okay. I'm gonna move on to the next thing.  I'm paid member at the first as a first timer. How do I get a job? Because most of the jobs are looking for five years of experience.

So one of the things that I would highly recommend, Cobi, is to look for entry level positions. Okay. Entry level positions, you gotta start somewhere and that start is entry level. Okay. So let me just show you what I mean by that. It's very simple. If you go, if you could follow along with me, if you want, go to indeed.com. This is just one site, by the way. I use this one all the time, cuz it's just so vanilla.

It's so vanilla and so easy to understand and so straightforward that it's feel like it's a really good teaching tool. Okay. So first off here I am in indeed, indeed.com. You're gonna follow along with me. Okay. Put your location wherever you're from wherever you're from. Put that in there. Next thing put  there's a couple things you can do here.

You can put ISSO there's a ton of key words you can use for this job. ISSO  entry level,

none  in this area.  Okay. Let me search somewhere all over the United States. Wow. It's just really going to town here. All right. So look at this information system, security officer work, most of the jobs, if you happen to be on the east coast, you should know that  you guys have all the jobs  you guys have  70% of all the risk management framework jobs.

I'm not even messing around with you, but  yeah. So you notice how all of these are Virginia. You can find a job, especially if you have a clearance. There's a couple of things that you have. You may have an advantage. If you happen to live on the east coast, you have an advantage. If you happen to have a security clearance, watch this.

If I put security  clearance, if you have a security clearance, you have an advantage. Cause sometimes they're looking for a person with a security clearance and they're they just get desperate, cuz there's just not that many people who have it. So they'll actually  pull you in and teach you if you have this.

Now, if you don't have a security clearance, another thing is you got, you could be eligible. For a security clearance.    Eligible means  you are a  a us citizen BLE. I cannot spell what the damn eligible.  my first and only language and I can't spell  eligible. Yeah. Now all I did was type in eligible and  and they, it immediately knows I'm looking for eligible active.

Oh wait, no, I'm looking for eligible.  Security eligible for security clearance is what I'm looking for, but it's coming up with active duty  okay. But a bunch of, so stuff came up eligible security clearance is what I'm looking for. Eligible security officer. Now these are physical security roles.

Okay. Here we go. Principal means like you're a boss, so you don't want that. Information security specialists in an airport. That's physical security. Okay. This is mixing a bunch of stuff up here. Eligible security clearance.

Yeah, here we go. So if you're eligible for security clearance, this is another, another thing that's gonna make it so that you have a better chance of getting a job. The best thing you can have, of course, I'm not even gonna, I'm not gonna BS you, is experience. There's no replacement for it, but how do you get experience if you don't have it?

So you gotta go to entry level positions. Now, if you have zero, if you have no IT experience, that is different. If you have some, listen, let me just be very frank with you. If you have some IT experience, meaning you are a system administrator, you worked on databases, you worked on cryptography, you worked on, you have some IT experience.

You worked on workstations, whatever, you have a very good chance of getting in, into risk management framework. Okay. You have a very good chance. If you have zero IT experience, meaning you've never held a role at a company or a university or a private, or a government or anywhere, that is different.

That is different. And the reason why is because risk management framework and security is typically not entry level. It's not like literally walking the door and start flipping burgers. Okay. That's not that this is not that kind of a job.  there's too much stuff at stake. There's too much trust that's involved.

 There's just, you're gonna be trusted with other people's information and assets. You're gonna be entrusted to know the secrets of that organization    where the vulnerabilities are. You're gonna know where they are. They have to trust you. So for that, they need a professional who has something to lose.

All right. That's why cyber security is typically not an entry level position.  I'm sure somebody out there right now is watching this saying, Bruce, what are you talking about? I'm an entry level.  I'm walking off the street and I'm a cyber security person. Okay. That's fine. But I'm just telling you typically, it's not something you walk off the street and you can do this.

That's don't lose hope. Okay. If you don't have it experience, if you don't, if you've never done any of this stuff before, there's a couple things you can do. People contact me all the time and what  the last time I did a couple weeks ago, somebody an educator contacted me and she said, Hey, Bruce  I really wanna get into it.

I want to be getting a risk management framework. I like what you're saying. It sounds cool to me. I wanna do it. She's an educator. She had a master's degree in education. She has very little or no it skills. And I said, Hey, you might wanna consider becoming a program manager, okay. Program managers work with it.

They, and in some cases they have to know our, they gotta know what we're talking about. They have to know some of our jargon. They don't have to know how to configure a server. They don't have, they don't have to know how to stand up a Linux box. They don't have to know how to reduce threats on a.  on a weapon system,  they don't have to do all that, but what they do have to do  is they have to have a certain level of maturity to manage a project and they have to have a certain level of  technical know how with things like office   so those are some of the things that you would, what I would suggest if you were trying to get in a high paying, very high, skilled, high paying job in it.

One of the things you can do is get a parallel job, which is a project manager position. It pays six figures by the way. Okay.  It's not a joke. It's no joke. Program management is no joke.    You can actually, even without an it experience, you can get in there and you can make upwards of six figures.

Look it up. Look it up.  It's a damn good job.  So yeah, number one, if you don't have any it experience at all, you gotta get it experience. You got, you have to, whether you're volunteering at your church, volunteering at your job. If let's say  you're a system administrator  you're a non system administrator.

You're HR, you're in the HR department, right? You work with people's W-2s and stuff. You wanna get in IT, but you don't know what to do. You don't wanna do a program management work. You don't wanna do that. You wanna do IT. Okay. Then you gotta start from the bottom. Imagine somebody walking in your job in your profession, off the streets, not knowing anything and wanting the keys to the castle.

Okay. With cyber security. That's what we're talking about.    You gotta, you, if you have no experience, you gotta get it. That means you gotta become, go to  help desk entry level position is what I would suggest if you have zero it experience, but you wanna get technical. Yes. Go into, try to entry level positions, volunteer, do it for free.

Cause that work that you're gonna put in for free fixing somebody's laptops at some corporation is not indentured servitude. It's. That you're building up experience. It's experience. You're slowly building up and putting on your resume, building up experience, putting it on your resume. Then that'll allow you to level up to another job, a higher level it job.

You do that by the way, while you're working on your security. Plus, while you're working on your a plus certification, a entry level position with an entry level certification, then once you have those things, now we're talking about months and years worth of work. This is hard work. This is not something you walk off the street and then suddenly you do it.

People are gonna entrust think, imagine your bank. Okay. LIS if you don't think it's fair, just imagine your bank, whatever, wherever you bank in the back, they have a security person who D who a cybersecurity person who has no experience, but they know where all the SU they know where all the vulnerabilities of the bank are.

They know.   Where the threats, they don't even know what threats are. They don't know what threats are, but they know there's vulnerabilities. They ran the scan. Do you want that person at your bank as a cyber security person who doesn't know what they're doing, who has no experience with it? No, you don't.

So I, when you're talking about cyber security, you're talking about somebody who's entrusted with the keys to the castle. They have to have something at stake. And that means you have to put in the work as an it for me to you. If you're an it professional, if you are trying to get cyber security, like we ha we are entrusted with something, with a lot of information  so you have to have something, you have to have some skin in the game.

That means time. That means you, you invested your own time and money to get to the skill set and the skill level that you're at. And you're not willing to risk it by making a mistake or doing something stupid. And I everybody makes mistakes, but. As you get to learn how to troubleshoot as you get to learn how these systems work, how to do backups  you begin to learn how to manage your own risk for your own profession.

You manage the risk to yourself and ran, manage the risk to your organization and the risk to the organization's information.  I hope that makes sense to everybody out there listening.  Let me see.  And I'm gonna, I gotta do a couple guys.  I gotta get going here.  I apologize for cutting this one short, but  let me see.

Can you get an ISSO job with a green card, as a green card holder? That is a good question. Yes, you, you can, however, there, not, maybe not an, it's gonna be harder to get an ISSO job. Okay. But let me show you, let me show you my screen here. Let me show you how you can get a compliance job, a security compliance job with a green card.

So there are security, cybersecurity jobs  that have a  public trust clearance. It's a type of clearance, public trust clearance. It's a type of clearance that doesn't require you to be a us citizen. If I'm not mistaken.  Yeah, let me see, let me try this one here. And usually they'll say, Hey, you must be a us citizen.

They'll tell you right on there.  This one might not be, and it's not giving me that information. So this is a public trust. I think.  but it's not okay. How about this? Let's do this. Let's just be straightforward here. Let's just say, watch this cyber security    green card. They usually put GC as a green card, by the way.

Let's see CrowdStrike. Let's look at this one. It will say in here. Yep. There you go. Right there. See this, that's the keyword right there. See, it says green card for clearance, US citizen or green card for clearance. There you go. That's what you wanna look for when you're looking for positions. Now, do they do this for ISSOs?

Let's see, let's just type in ISSO. I don't, I've not seen a lot of green card holders be ISSOs, but I could be wrong. Senior chemist, see that, see, ISSO, usually an ISSO's working for a high level government agency and they require that you be a US citizen. So that's why you, I just don't, off the top of my head, I don't know of any ISSOs, but I know that there's, actually, I take that back.

So there's some corporations  there's some corporations who do ISSO work and they will hire a green card holder. But what I would do if I were you, is I would just

senior associate cyber risk.

See, I'm currently working in an organization that, we have people from all over the world working with us. So I know for sure you can do cyber security, cyber risk in the US without being a US citizen. I know several people that work on our team who are in that exact position, but are they ISSOs? We're not doing those kinds of, we're not doing DoD type stuff.

So let me see here. I'm looking for, did I just pass it? Yeah, it's in here: must be a US citizen or green card holder. And most of these are gonna be, must be a US citizen or green card holder jobs. Yeah. We couldn't find an ISSO position that's green card, but you can find. All right, guys. I have to go.

I gotta get going here.  Thank you so much for watching me. If you have any other questions, if you look in the description below, there'll be a place where you can actually join me all times of the day on holidays and weekends and stuff  on discord, you have any kind of questions. I'll answer. 'em when I can also  you can always email me.

   It's, cyberware 2020 gmail.com and  we can talk about  any kind, and I'll actually make a video sometimes about people ask me really great questions that I think could help many people. And you'd be surprised sometimes people ask me a question, but several other people ask me that exact same question.

So I know it's something that is relevant and I know it's something that needs to be addressed. So then I'll just go ahead and make a whole video about it. All right, guys. Thank you for all your questions. Thanks a lot.  Copy. If I didn't answer your question, please answer, ask me on discord in the linked description below    spades.

Thank you so much for that. I hope that's how you pronounce your name.  Marcus, thank you for your comments. I did not get to your comments, but    let, what I'll do is I will copy this and use this for another time. Another video. Thank you guys so much for watching. Join me on discord. If you have any, if you have a pressing question and we will talk.
