
Saturday Sep 17, 2022
http://convocourses.com
Full video on Youtube.com/convocourses
Hey guys, this is Bruce and welcome to ConvoCourses podcasts. Every week, what I do is I talk to you guys about cyber security, mainly speaking on security compliance. And I'm opening this thing up to questions. So if you have any questions during the course of this live session, feel free to ask 'em.
This is the perfect time to interact with me. And if you didn't know, I'm the sole proprietor owner of convocourses.com where I got tons of free stuff. If you're interested in cyber security compliance in particular, lots of downloadables, lots of free stuff for you to check it out.
You might not even be interested in cyber security, but outta, unless you try you, you must been hearing about it. It's a hot career path and let's get right into this. So what I wanted to talk about today, If somebody on TikTok said just another guy selling a book and yes, I am selling a book, but I'm also selling courses.
I'm selling my time. But it, the thing is I've been doing this for years. , it's I've been putting free content out for years. My. Has something like 600 free videos where I'm putting people on how to get into cyber security, how to do cyber security compliance how to secure their system.
All things, cyber security I've been talking about for free and you can still get this stuff's all out there. So if you're interested in this. The best place to follow me. If I can't, if you wanna get stuff for free, you wanna try it out or whatever, or get information is to go to YouTube.
YouTube has hour long. Literally I do these every week. I've been doing hourly long videos for years, teaching people, just ask me questions and I'll just go ahead and speak for an hour straight about a topic. Yeah, I am I selling a book? Yes. On Amazon, I'm selling a risk management framework. I, this Audi, most of the people in this audience will not be interested in that book.
I'm selling to a very niche group of people who are interested in this is people who are in cyber security, trying to make big money. Not everybody is willing to do, take the time to to learn this trade. And to get into this and they want that quick money, but this is not quick money.
This is long term money that's gonna help you and your family for years. If you are interested in that, then you come to the right place, cuz I'm here to teach. And if you're here to learn then let's do this. Somebody said what up family? Somebody said any thoughts on IBM cybersecurity certificate on Coursera is really dope.
Coursera, if I'm not mistaken, they're also doing the Google support IT certification. So Coursera is incredible. Another one I would recommend is Udemy. I've taken Udemy myself, actually. Udemy is incredible because it has a lot of entry level courses and stuff. IBM cyber security certification.
My opinion on it is I really, this is the first time I've heard about it. That being said, one of the things that you wanna look into whenever you try to get a certification is how. How popular is that certification? That matters. To give you an example of why that matters is because there's a certification called the CEH and it's a certified ethical hacker cert certification.
And it's got a lot of traction, like HR departments, companies know exactly what it is and what it does. It's for people who do pen testing, it's for people who are looking at cyber threats. Cyber threat analysis, things like that. Now in the hacker community, if you talk to most hackers, people have been doing this for a while.
People really know what they're doing. They hate that certification. The reason why is because the certification is a, not, I won't say it's a money grab, but it doesn't. It goes into a lot of the tools that you use for the trade, rather than the actual theory. And I having read through the books for CEH I would disagree with that.
They teach you a lot of the fundamentals that it takes to learn the basics of hacking and goes a little bit deeper. So I would say it was from basic to intermediate. But it's got a, an unfair shake in my opinion, from the hacker and the pen testing community, because it just doesn't go deep enough and they want it to be more hardcore.
If you want something more hardcore, you wanna go to the OSCP or Kali Linux, stuff like that. Those certifications have more hacker respect. What the point I'm trying to get at is CEH is a very marketable certification. If you have that certifi. You're looking at and a little bit of experience under your belt.
You're looking at six figures, but that's because it's a popular certification. So IBM cyber security certification I'm saying is not super popular. I'm guessing, but let's take the guesswork out of it when I'm gonna do right now is I'm gonna go to, I'm gonna go to a. And I'm gonna show you what I'm talking about.
As far as marketability of certifications, you wanna look at the marketability of a certification. Let's go to indeed.com. One of my favorite sites to go to for job searches. And I'm gonna show you, let me show you my screen real quick while I'm doing this. Somebody asked me what certs do I have?
I'll answer that in a second. While I'm doing this CISSP and CAP and a few other ones, but let me show you what I'm talking about. Oh man. You can not see that. Okay. I'll just walk you through it. Okay. So I've got a bunch of people watching, so I'm on Indeed right here. And I'm gonna type in IBM what'd you say security certification.
You said cyber security certification cyber. And this is what you wanna do with any kind of certification that you are trying to pursue. You wanna see the marketability of it? Cyber security, certifi. You can just go to any kind of job aggregator such as LinkedIn, Indeed, Monster and just type it in. So it says there's no searches, but that's because it's only searching in my area of Colorado.
Let's look at all the United States and let's see how many certifications how many people are looking for the certification. So I did a search here. And it's saying that there's 11 jobs looking for the IBM certification where that keyword came up and really it's not even it's keying in on certification security.
It's not really finding the IBM certification, but let's take an equivalent certification. Let's say equivalent of cyber security certification. Let's say it's a Security Plus. Now watch this. I type in Security Plus CompTIA. In fact let's narrow it down. CompTIA Security Plus certification.
There are 9,000 jobs. That's what that says right there. Nine, 9,000 jobs for the CompTIA Security Plus, and look at the look at what they're paying. Now. This is for a junior ethical hacker, but that's not bad at. And it's getting you into ethical hacking, which is pretty good. It's I've.
So my opinion about the IBM certification is doesn't have traction just yet. A lot of these vendors will try to create their own, and this is coming from somebody who has vendor level certifications. I'll get into what kind of certifications I have in a second, but vendor level certifications, some of 'em don't take off some of 'em don't they lose traction.
And because it's the company, the organization doesn't market them effectively. And what they lack that some of the certification organizations have. A couple being ISACA, which has CISA, CISM, CRISC and some of the others, CompTIA, which has A Plus certification, Network Plus certification, Security Plus certification and others.
And then you have (ISC)², which has CISSP and a couple of other big time certifications. What these guys do right? Is they market the certification. They know who to talk to, to get in on these lists, the government lists to say, Hey, these are approved set of certifications. They market it so that other people have to take the cert.
And then it becomes a requirement like they did with the CEH. The marketing on CEH is incredible. Like they did a great job on the marketing aspect of it. So my opinion of the IBM cyber security certification, it doesn't have traction just. I would probably go for something like the sec Security Plus if you're trying to get in the field and make money.
So that's my opinion about it. I hope that answers your question. That's a question from TikTok, by the way. Here's another question that I have from Floris floes leak. And it says, what kind of certifications do you have? Certifications that I have. Okay. I've got the CISSP. That certification singlehandedly changed my life as a professional level certification from (ISC)².
I got it when it, not when it first came out, but shortly after it came out. So I have a pretty low number. They have a set of numbers. So I got mine in like 2006 or 2005 or something like that. And then I've got the (ISC)² CAP, which is it's for a security compliance for NIST 800. I. I've had two different versions of the Security Plus, one of which doesn't expire.
Cuz I got it. Like when it first came out, I used to teach Security Plus CompTIA. I had the original Network Plus, the original A Plus, which was one certification now is two. I have Microsoft C I've got, I had the CCNA, but that expired. I don't like, I don't, my, that knowledge has left me. If you don't speak a language for a while it's gone.
I understand still the basics of, I, I could probably configure a router or something like that, but it will take me a minute. Then I've got a bunch of vendor level certifications. I've got one for ArcSight. I've got one for QS. I got one and I got a few other ones, and I'm not people call me a paper tiger or whatever, cuz I, I go out and get these certs and stuff.
I normally, I would get the cert based on the job I'm in. If there's a job I need to do. And they need me to do learn this particular, this a certain thing. Then I'll go out and learn that. So that's why I have so many certifications. I got 'em outta necessity. I didn't get 'em because I was trying to get a bunch of certifications.
It was all for me. It's outta necessity. I got other things to do with my time. , you know what I'm saying? Like the next certification I'm gonna get is probably gonna be a cloud based certification. Like I'll probably get that AWS. Cloud practitioner one coming up real soon because people keep asking me questions about cloud.
I'm like, damn, I don't really, I'm not really deep on cloud, so okay. Let me see. Jimmy says thanks for the breakdown, man. I really appreciate that. Hey man, no problem. No problem at all. Okay. So I wanted to take some have people call in, but I'm having, I don't have a lot of people joining me on YouTube, so I'll wait on.
In the meantime, what I can do is I could take more questions and I can actually teach some stuff on NIST 800-37. Or, you know what I think a better thing to do is to speak a little bit more on certifications since I got a lot of people asking questions about it. Okay. So certifications, I would recommend let's talk about that certifications.
I would recommend I'm gonna talk about the Entry level intermediate to expert. Okay. Let's start with intermediate entry level certifications. So entry level certifications. I would highly recommend in this order. If you let's say you come in off the street, you get, you know anything about IT or computers.
I would recommend A Plus certification. That was the first one I took. It was, it's a great introduction into the common body of knowledge that you need to know in order to troubleshoot. Systems and how to secure them as well as the networking aspect of computers. A Plus certification is one of the best ones from CompTIA.
So CompTIA, let me just show you what that site looks like. CompTIA. Another one I would recommend would be the Google support IT certification. This is CompTIA right here. It's one of the top certification. Organizations in the world, CompTIA, they got A Plus, they got Network Plus, they've got Cloud Plus, they've got a really good course curriculum that breaks down the basics of what you really need to know for this career field.
So it's a really good starting point. I would say. And then another one I would recommend would be the Google IT support, which a lot of people are getting jobs off of that for some reason. And then the other one I would highly recommend for entry level. If you've already taken the A Plus, if you've already taken Security Plus, stuff like that, ISS.
Certification AWS cloud practitioner. This is this one's hot. Because Amazon, if you didn't know, owns a large percentage of the market share for cloud. So they're competing against Google. They're competing against, Oracles in there now, but the biggest competitors is Microsoft and Google.
Microsoft has Azure, their Azure product. And then Google has their own cloud based products and the go. Of the world are, and other companies are starting to use their cloud services, but the ones that they use the most is Amazon. I believe like Netflix, Netflix uses Amazon cloud services and then other like large organizations multi-billion dollar trillion dollar organizations are using, or either they already have their own cloud service or they're using Amazon Google or Microsoft Azure.
So those are the three entry level certifications that I would recommend. Intermediate let's say you're already an IT person. You've got three years under your belt doing IT. You, your work on help desk, you work as a customer support. What would I recommend? I would recommend for entry level or intermediate is to go for a professional level certification.
That's what I would recommend. That's a CISSP. Top one, especially if you're doing cyber security, I would recommend if you're networking, then you want to go with either a CCNA security or a CCNP security. I think they have a CCNP cloud and a CCNP video and all kind of other CCNP. These are not easy certifications, but CCNP is from Cisco.
It's one of the highest sought after certifications out there. It. It's gonna pay you a lot of money. That's why I'm saying that you should do it. And on top of that, you're gonna really know what you're doing because and then a, they, Cisco owns a lot of the market share for networking technology.
The only other one that comes close is like Huawei, which is in China and is banned in the US and parts of Europe. Their products are, and Juniper and I think Palo Alto or something like that, that even come close to their market share, but Cisco's the best. And so that's why we recommend that's one of the, one of the few vendor level certs out.
You could get by yourself. You can get that one cert by itself. And then that would be incredible. Like it would. It will butter your bread. It will. It's gonna pay your bills. it's and then expert low level certifica. Oh, another one for intermediate would be there's Red Hat certifications that if you happen to be a Red Hat person and then there's Microsoft, if you, so once you get intermediate.
Entry level is gonna be like basic stuff that you need to know. But once you get into intermediate territory or professional level territory, you have, you're going to drill down into one or two products. Like you're gonna be really good on one or two products. You're not gonna be a master of everything.
So once you get to that level you're gonna wanna get a professional level cert in that field that you're in. If you happen to do Microsoft, you're gonna get I don't know what they're calling it now. MCs. MCSE. Is that still valid? I haven't done Microsoft in a while, so I might be wrong.
Let me see CSE and correct me if I'm wrong, guys, if I'm okay. Cuz I know that they changed it recently. Yes. Still MCSE. Okay. They have different. Okay. It's definitely evolved quite a bit. MCSE and MCSA yeah, that's a professional level cert as well. And then Cisco has CCNP so you'd wanna go deeper into whatever product that, once you get to the professional level, then at the expert level.
That's very specialized typically. So an expert level cert would be would be a CCIE. And a lot of people, most people don't have it. It's like the equivalent of a PhD. Not many people get those because they're super, super hard. And it takes a toll outta your life. It's serious.
So CCIE if you're in, if you're in networking, another one would be. I think there's an there's one in hacking called the OSCE, which is super high level. I don't know much about it. I just know it's a high level expert level certification. And then there's GSE which also not many people have, cuz it's just super expensive and super hard to get.
So you've got entry level certifications, which are usually called like core CompTIA calls 'em core. They're. Entry level or associate, then you've got professional level certifications. They're called the usually professional level certifications or intermediate certifications. And then you got expert level certifications.
What do you think about the IBM certification on a program on Coursera? So I already answered this one, but your quick answer would be that I don't think it's a very popular certification. I'm not trying to hate on IBM certification. Now, if you, if it happens to be your first certification, it just add a caveat to it.
If it happens to be your first certification, go for it. If it's your first certification, you're trying to learn it and they're giving it out for free. It won't hurt to go ahead and try it. But as far as if you got the certification, would it be marketable? I don't know how marketable it's gonna be. Like a Security Plus will be way more marketable.
I'm just telling you guys honestly like a, that IBM certification is not on any, it's not on the DoD approved list. It's not, I just heard about it on TikTok. It must be. They're giving it out for free because more than one person has asked me about it. If you happen to be learning this, go for it.
If you're like learning this from scratch, go for it, do it. But if you wanna level up at some point, take that one and then do the Security Plus. Security Plus, once you get that certification under your belt, it's marketable. Like you could put it on your resume. And get a job. So I don't know if you can do the same with IBM cyber security.
I'm not trying to hate on it or anything, but go, I'm saying, go for it. IBM is dope. I just putting IBM actually IBM itself is a key word that you could put on your resume. So IBM itself would be good to put on your resume. IBM security program. I'm sure it, it would make you a little bit more marketable than you are.
If you don't already have it on there. That's my 2 cents on it. Cisco does have some free certs too. I'm not sure if they're already covered. Oh, really? I didn't know that. Cisco has a CCENT, which is an entry level certification. I think that one's pretty good. And then.
Above the CCENT you have a CCNA and then above CCNA, you have specializations of CCNA, and then you have a CCNP, which is a professional level cert, which goes pretty deep on different technologies. Yeah that's the whole thing then CCIE is like expert level, top tier type certification.
I've known a few people who have the CCIE, but they're pretty rare. I've known a lot more people who have the CCNP or a CCNA. As a matter of fact, I've had a CCNA before. Okay. Let me see here. Let me see if I got any more questions or stuff I want to talk about. Okay. Here's one. I wanted to talk about the pros and cons of cybersecurity.
If you guys are interested in joining a call that I have right now on YouTube, feel free to jump on. This broadcast on YouTube on just go to YouTube type in ConvoCourses. You'll see me there. And then I will a give you a link if you're interested in this. And if not, that's cool. Let me see, I'm gonna talk to you guys about the pros and cons of IT.
For, I get a lot of people who are contacting me, who are new to this and who want to get in this field. And I feel like one of the questions they should ask is what are the pros and cons of this, especially if they happen to. A nurse or a teacher or some other profession trying to get in this security field in this field as a cyber security person or IT person, what are the pros and cons of this and the pros and cons of IT really depends on, I think, on where you're coming from.
If you happen to be in the service based industry and you're dealing with a client, a lot of clients and you happen to not to hate to. Love dealing with people. You happen to be an extrovert. You love interacting with people, and it's just boring where you don't have anybody to talk to makes the day go by faster.
If you have somebody to talk to then one of the negative things about can be with IT is that you sometimes you're isolated. Sometimes your. Sometimes a job makes it so that you're actually isolated to where, for example when I was a network engineer, we just, sometimes we'd be in the com closet, the computer, the communications closet hooking up wires all day.
And I wouldn't see a person. I wouldn't see a human for six hours a day, like four hours. I'd be in this computer room, this cold computer room. With no windows fixing a router, just trying to, trying to fix the IOS on a router and backing the router up and stuff like that. And it would take all day cuz it be something wrong with it.
For whatever reason, it's not connecting to the next rest of the network. I'm connecting a bunch of systems to it. Or I'm trying to figure out which wire's not working or. Or I'm trying to turn on port security on a bunch of ports or something on a switch. Like I'd just be messing tinkering with this thing for hours.
If you happen to be an extrovert, that can be a negative thing. If you really like interacting with people, that's one of the negative things about it, but. It really depends, cuz not all jobs are like that. It could be a positive thing if you happen to be an introvert, like you don't really want be in the industry, the service industry, for example, you just don't really want to talk to people you don't wanna really deal with this kind of stuff.
Then it's perfect for you cuz you'll be in locked in a closet programming or something all day long so it really depends on what you wanna do? Pros and cons of IT. Let me think of some other pros and cons of IT. And if you guys happen to be in IT, I wanna ask you guys, what are the pros and cons of being in information technology?
What are the good things about in being in information technology and what are some of the bad things about being in information technology, please chime in. Feel free to talk to me about it. I'll read your comment on there, but another one good thing I would say. It is that it, it pays pretty good.
Like even if you start off entry level and you're not getting paid really good after about a year, if you put that stuff on your resume, you work your resume, you can very quickly escalate to another level. And a lot of career paths don't have that kind, that level of they don't have that kind of progression built into the structure.
Like I know that my I've got a few friends and family who were nurses. Who were doing nursing or they were CNAs or something like that. And I noticed their progression's a lot harder. Like it's really hard to go from say a certified nursing assistant to a nurse. There's a huge gap in pay and skillset.
And there's just this huge gap between those two things you would think it's close. It's not close at all. Like a certified nursing assistant. Is a huge gap. Whereas in IT, you can quickly progress one like one skill at a time and make a little bit more money, little bit more money, little bit more money.
So that's one of the pros and DG five, one says remote working is a pro. Oh my Lord. That's a great one. That's a great point, man. Thank you for bringing that up. Remote work is one of the. Things about IT, the IT field in my personal opinion because a lot of people don't have that option.
I think if you're a nurse, you'd be a traveling nurse and you can have remote work and then, but you're still traveling. You're still going to site and stuff like that. But with IT, you can truly be remote, and there's networking jobs that remote, there's Infrastructure jobs that are remote there's cyber security jobs that are remote there's computer consulting jobs that are remote.
I, that was my last position. There's cyber security that are remote risk assessments that are remote customer service, technical that are that's remote. There's so many remote positions and that's one of the great things about doing remote. Let me see. So somebody said somebody said, do you need computer science degree to start no.
To do in cyber security or in IT? No you don't need you don't need to have a degree to get into. To get into it. So the caveat to that is that I'm gonna prove it to you. I'm gonna show you some I'm gonna actually prove to and show you what exactly what I'm saying is true. So do you need that kind of those kind of computer?
So first of all, let's break this down. A computer science degree. It typically the courses typically focus on software engineering. Okay. Computer science. I don't even have a computer science degree and I've been doing it for 20 years and I'm making six figures working from home. Okay. I have a bachelor's degree in information technology, but I know people who have a bachelor's degree in information systems.
I know people who had math degrees, actually I know people with double E's, that's an electrical engineer, who are working in this field as cyber security. So typically. If there are, if they are looking for a degree, you don't even have to have a computer science degree or a cyber security degree. You just need something in STEM, which is science, technology, engineering, and mathematics.
If you have that with a little bit of experience, you can get, you can get in there and make really good money. Now that being said, There are jobs that don't require a degree at all. Now let me qualify that. So they do expect you to either travel a lot or learn very quickly, or have a GED high school equivalent or.
Be working on a degree or have a certification or have a certain skill set. They usually want you to have something without a degree. And it's probably not gonna pay as much. That being said, two of my mentors who taught me all kinds of stuff did not have a degree. And they were the highest paid guys in the room at any given time, but they were brilliant.
They were brilliant. They were coming outta the military with three, four years of experience. They were the main person everybody was relying on. So I'm just trying to qualify this, but now let me show you where jobs, where you don't need a degree working in IT. So what I'm gonna do here is I'm gonna go to a, I'm gonna go to a
Job search engine. And I'm gonna show you how you can find these jobs where it doesn't need a degree. Now it does need you to know you gotta do the work. They're gonna expect you to know exactly what you're doing. So you gotta actually have some knowledge of it. I'm not saying you can just walk in off the street.
This is not sweeping floors. You know what I mean? Like you have to know some stuff to come in to do this. So if you wanna follow along, let me just explain to you what I'm doing. Cause I've got people listening in on this as well. So what I'm doing is I just went to indeed dot. Okay. And I do job search. I remove the state.
You gotta remove the state. Because sometimes it'll come up with your local state. If you happen, you can also do this on LinkedIn and go to the search results. And then what you're gonna type in is entry level entry level IT, okay. That's all I'm typing in entry level IT
and. It'll come up with a bunch of stuff. Now we've got all kinds. Okay. Here's one help desk technician. What you're gonna do is you're gonna go down this list and look for positions that don't require a degree. So you'll go to the requirements. You'll go to each one of these jobs. I clicked on one called help desk technician.
And it's in it's remote job in Missouri and there's, here's their requirements. They said proven experience with help desk and customer service role customer. Customer oriented in difficult situations. Tech savvy must be able to be a part of a team be able to speak proficiency in English communication skills and it's a 40,000 to 60,000 per year job.
They're not saying anything about a degree. This is the kind of stuff I'm talking about. And what all I did was typed in entry level IT. That's, this is the kind of jobs you can get. You don't actually need a degree. And that's another positive thing about IT is that you, it's. So in demand that a lot of times you don't actually need a degree, but you're gonna have to look for those jobs.
And in addition You you're gonna have to know what you're doing because you saw that what they wanted you to have was a proficiency in actually fixing the computers. And they're looking for you to already have one to two, two to three years. Actually they're saying here in a position that said, or one year experience.
For entry level positions, and there's all kinds of positions like this that you can find, but you gotta know what you're doing. You gotta do your due diligence. And that's why I always tell people, Hey, go for an A Plus certification, cuz it's gonna break down the fundamentals of what you really need to get into this field, to get in an entry level position, just like this.
All right. I've got some people who are joining me on YouTube. Let me just read a couple of these questions here. Somebody said Tony said. Thanks Tony for the comment he says I work in cyber security and I have a criminal justice degree. I have a criminal justice degree. I have a CISSP.
That's awesome. That's incredible. Tony, you should are you actually working in the field right now? Do you have a job in information technology and what's the status of that? Is it doing pretty good? I would be really interested in this. When I was in the military, I worked as a.
As a security forces member, where I had associate's degree in criminal justice. And I was like, man, I don't wanna get out and be a police officer. This is, it was a tough job. Like it was not an easy job, mad respect to police officers, cuz that's a thankless job where your customers. Hate your guts.
and you're dealing with the worst parts of society. A lot of times you're going and you're going in an and. Talking to people on their worst day of their life. And so they're not usually in their best frame of mind. It's a hard, it's a hard job, I know all the stuff going on with police officers today, and I'm not at any, at all, trying to justify some of the bad police officers that are out there cuz there's there's like right now, this is the epidemic and the police department's defend these guys.
I'm not saying that stuff is good. Like with some of the stuff that's happening, it's good at all. When I was in, they, when I was in the military, they, if you slipped up at all, they weren't did not have your back. You were, they threw you right under the bus. Like you better you were held to a higher standard.
And that's how I think police officers, the whole industry should be, but it's not, that's not what's happening. That being said, mad respect to that profession because it's very difficult and not everybody can do that. And I wish they would stop putting people in those positions that don't, that shouldn't be police officers cuz that's what's happening.
Okay. Tony says I'm actually a cyber security manager at oh KPMG. That's one of the top big four. That's one of the big four, one of the top. If I'm not mistaken, that's one of the top accounting firms in the US. There's four there's de. There's Ernst & Young there's P KPMG. And then there's one more.
I can't remember what the other one is. If you guys can remember what it is, please chime in. He says he acts as a cyber security manager at the okay. That's awesome, man. I do. I work in GRC work. So what kind of things do you guys do? Do you guys. So that means you're in the financial sector.
Do you guys have a system security plan where is that a, it's a package where you put all the security controls into one package and then you get the system authorized. I'm sure you guys have risk assessments. You guys have things like continuous monitoring. You guys have things like, but do you guys have like a system security plan where it's.
All of the documentation for all the controls are put in one place in a database. And that's shared out to the organization for some sort of approval with your C level execs and for the agency to approve that system. I'm very curious that you got, if you guys have something like that, do you guys also use Sarbanes Oxley?
That's a, if you didn't know, that's a security compliance set of rules. That banks, financial institutions, investing institutions use to make sure that the organization's doing what they're supposed to do. I'm very curious about that, Tony. And while you're answering that one, let me see somebody else.
Ask me another question. They said anyone trying to get into cyber and IT should get in the help desk. That's, yeah. That's definitely a big step up. It's a great way to learn the foundation that you need to get ahead. Oh man, SS, that's some great advice. Great advice. Okay. So while I'm waiting on Tony to respond, I think I'm gonna go to SS's comment.
So you work in KPMG. And then you said you work in GRC. Okay. I don't know if Tony's gonna respond. So let me just go to SS. So SS says anyone trying to get into cyber and IT should get into help desk. It's a great way to learn the foundations needed to get ahead. Absolutely. Another thing I would add to that is that if you do help desk for some time, the help desk, okay.
So there's a lot of different names for help desk. You've got customer support, technical customer support. You've got field tech one, field tech two, you've got a lot of different names for a help desk person, but essentially it's the first line of defense. Outside the user themselves, the first line of defense in the organization, the first person somebody calls.
When their computer is not working properly or it needs to be updated and something went wrong or they need a backup, a quick backup of a desktop or a laptop or something like that. Or they need to reconfigure their laptop or re-image the laptop or something. That's the, when they call the number, it goes to help desk.
That's the first person that they're contacting. It really is great for your resume because it's gonna give you like one, two years of experience where you actually get exposure to networking, you get experience with a little bit of cloud technology, if they have that in their environment. You might even get to touch on servers, some routers, and cyber security, of course.
So you just gotta put all that stuff on your resume. So that after about a year of work with that, Being on the help desk being on the front lines of that organization, that you can go ahead and level up after about a year. So yeah, a help desk was my actual first position on the job training. It was.
That was incredible. Like that experience I don't take it for granted. Like when I was there, I was just wanting to jump into routers or do firewalls or something like that, something specialized, but that foundational knowledge and skillset that I got of troubleshooting. And trying to figure out basic problems on those computers in a production environment, that experience, and that exposure allowed me to get into things like do deeper dives into things like networking.
Cuz I did network engineering for a while. It allowed me to do deeper dives into. Learning to build a software in a real environment, like how to, how not to develop software in different environments, like webpages and stuff and web applications and things like that. We didn't have that many back then, but from time to time we had to touch those.
So those are some of the stuff that I learned on the help desk. I would SS I would definitely agree with you on. All right. I've been talking for a little bit. I really wanted to test out I'm on this new thing where I can actually have people call in. I'm gonna keep using this until I can get people to call in and add their 2 cents on.
On things like cyber security and security compliance, maybe next week, we'll do this again and then have people call in. But if you're interested in calling in at some point give me your email and then I'll let you call in and I'll let you speak. On all this stuff. And but for today, I think that's about it.
Thank you guys so much for your questions. Thank you for your comments. Thanks, SS. Thanks Tony. And all the people on TikTok. Wow. There's a lot of interaction on TikTok with just a very few people who've been follow me. So thank you guys for that, but I'm gonna close this thing out.
Thank you so much. Let's close out TikTok first in the live show. And then I was also live on the podcast that's over and thanks so much once again, as always. Thank you so much for joining me on YouTube. Thanks for your questions. I'm outta here.

Friday Sep 16, 2022
New podcast link: https://convocourses.podbean.com/
check out the new books on amazon and audible RMF ISSO Controls: https://www.amazon.com/dp/B0B6QKT8DR
SCA Course (early release) https://securitycompliance.thinkific.com/courses/rmf-isso-security-control-assessment
Audible book: https://www.audible.com/pd/B0B4PYJ9JV/?source_code=AUDFPWS0223189MWT-BK-ACX0-312685&ref=acx_bty_BK_ACX0_312685_rh_us
check out our courses at: discord: https://discord.gg/esJAz2enBW facebook: https://www.facebook.com/groups/719892952526379
Hey guys, this is Bruce and welcome to convo courses podcast. This is gonna be a short one. I just wanted to talk to you guys about cyber security, IT jobs, resume marketing. Now we talked about this the last time we did a live podcast, but I wanna talk about it again and go into a little bit greater detail.
And my purpose here is to help people to know what to put on the resume to actually get a job in cyber security. Cuz a lot of people are asking me questions about like, Hey Bruce, you know, I'm in IT. Like what do I, I'm trying to level up in my job. I'm trying to make more money. Like what do I do?
So I'm about to tell you exactly what I do on my resume. As matter of fact, I'm gonna go into pretty good detail about. And I'm gonna show you where you can get your own resources on how you can figure this stuff out. Now, this is what you're seeing here on the screen. If you happen to be watching me, if you happen to be listening, I'll explain everything.
I'm writing a book called cyber security jobs, resume marketing, and it's gonna be a series of books. That's gonna break down exactly how to target, what category of cyber security you want, cuz it's a pretty big field and it breaks down into all these different parts. And then it's gonna talk about how to actually market yourself, how to get the keywords, how to find those keywords in that targeted market, and then put those in your resume and then how to actually write an impact, an action statement bullet in your resume.
That's very powerful and it's been working for me for years. This is stuff I learned from the military when I was getting out and also just from experience, just like doing this stuff myself. So let me just get down to what I'm talking about. Now what you should do if you have any IT experience is you've gotta put what you've done on there.
As far as your cyber security, like what, and if you've done IT, more than likely you've done cyber security, you just didn't know it. And so I have evidence of that. Let me show you evidence of that. So what I do is security compliance, and in security compliance, we have to know a lot of security controls that are going into not only the information system, but the organization as a.
Meaning it's not just the actual system that you're locking down and putting, you know, very complex passwords or making sure it has audit logs or making sure there's a host-based firewall on it and stuff like that. And anti-virus, and all those are all security controls that you're probably familiar with.
If you've ever done any of those things, guess what, you've done cybersecurity, and you need to put it in your resume. So in this book, what I'm gonna do is tell you not only what keywords to put in there and where to find those keywords, but also how to word it, how to word it and explain how you participated, how you conducted and enabled configurations for security controls.
In security compliance, I'm very familiar with all of the rules and all the security controls, and one of the actual compliance frameworks that I use is NIST 800, but there's many others. There's HIPAA. There's PCI compliance. Some of 'em are just laws that kind of briefly explain what you can and can't do.
Some of 'em are in very great detail, like NIST 800. One of 'em is called the CIS security controls. So I use that one as an example in my book, cuz it's just perfect for what I'm trying to show you, because NIST 800 has over a thousand controls, so that one wouldn't be right for this particular book.
Like I'm writing a book about that one, or I'm breaking it down differently. And I actually have written a book on that one already, but I'm writing a whole series of books just on NIST 800 and how you can use it practically. But for the purposes of getting your work experience in, what I do is I tell you, okay, here's how you put it in.
Here's the format you use. That's going to help you. To get your resume in front of more people, it's called an ATS style resume. Here's how, here's how the date should look. Here's how it should look when you put your position in here's how all of that stuff's in here. But more importantly, what I do is, and there's some misspellings in here because I have, I've gotta edit it and I'm actually working on that now, but just kind of took a breather and, and took a break so I can show you guys what I'm doing here.
So what I wanna show you that's important is, let me see, I'm getting down. Oh, here it is right here. So here, if you could see my screen, these are all the controls that are in the CIS critical security controls. This is also known as the SANS top best security practices.
But these controls explain all the things that an organization needs to have in order to secure their system. If you've done any of these things as an IT professional, in whatever profession you're in, you've done these things. You have done security and you need to put it on your resume.
You need to put it up front in your resume. So let me just go through a couple here to give you an example. So I'll pick a couple here. One is here's what's a good one. Let me see if you've done. Okay. Here's here's a good one. Here's a couple good ones. One is email. Well, we'll start with audit logs.
I like that one, audit log management. If you've ever enabled audit logs, for example, if you've ever monitored audit logs, if you've ever for any reason had to analyze the audit logs. That's a cybersecurity thing you gotta put on your resume. And audit logs, if you didn't know, another name for it is event viewer, event logs. You know, different systems call it slightly different names, but it all means the same things.
It's the logs that are in the back end of the system. That's telling you if the system is shut down or if somebody has attempted to log into the system, but it was logged in unsuccessfully or successfully or whatever. Those are logs, audit logs. Another thing we'll talk about is email and browser protections. Email and browsers is probably one of the biggest threat vectors or biggest ways that attackers, adversaries can actually infiltrate an organization.
Cuz email, think about it, phishing. Like when somebody sends a fake email with a clickable link and then somebody who doesn't know any better, they click on that link. And it takes them to a malicious site, that malicious site downloads something to their system. Yeah, that's one of the main ways right now that sites and organizations are getting infiltrated. And web browser protection.
That's another one, everybody interfaces with the internet. 99% of their interactions with the internet is through a browser. So it's important that that browser is up to date. It's important that if it has any extensions, those are approved extensions, things like that. Malware defense. That's another one.
This is like making sure you have anti-virus. So let me show you, how do you word these on your resume? How would you go about wording? So what I did was I broke each one of these sections down to explain how you word these on your resume. So let's go to the ones we just talked about. We'll go audit, audit, log, manage.
So what, first of all, explain what it is. Audit log management: audit logs are gathered on servers, end user systems, routers, and other systems to detect, prevent and understand possible security incidents on the enterprise. That's what they're for. It's not just for security. It's actually for maintenance as well.
So how could we word this? So one of the things we could say is that you ensured that audit logs were enabled in a mixed mode environment. Mixed mode means like you didn't have just Windows, you had Mac and you had Linux or whatever. And you allowed detection of threats against assets in cybersecurity.
Okay. This one, I have to reword this one. I did reword that one in my next draft, but let me just give you another example. Conducted security audit log analysis to detect anomalies or abnormal events that might match adversarial tactics, techniques, and procedures that are in the MITRE ATT&CK framework.
And the reason why I put these together, this sentence is very tactical because I put a whole bunch of keywords in here. They wanna see that you know the MITRE ATT&CK framework. If you don't know what it is, go look it up. It's really important to cyber threat intelligence. Whenever you do cyber threat intelligence, it's like a breakdown of different types of attacks.
And I'm sure most of these you'll be familiar with, like, how do people infiltrate a network via a Trojan, a Trojan horse? How do they actually infiltrate? MITRE talks about things like that. MITRE talks about cross-site scripting, MITRE talks about escalation of privileges. It breaks all these things down and kind of gives you an idea of the path that an attacker and adversary takes to get into a network.
And you use the terminology to basically establish a pattern, and this is really good for writing reports. It's really good for your resume. It's really good for articulating what kinds of threats and what kind of vulnerabilities you have to avoid within your organization. So this is a really good keyword, and I see it all over things like if you're going for a cyber security analyst. MITRE, you need to have that on your resume.
And then audit log analysis. This is another keyword. So you can see that what I'm doing is I'm giving the action of what you did pertaining to cyber security. So if you've done IT, more than likely you've done something with audit logs, you have to articulate that. So I give you several different examples here of how you can articulate and how you can word the bullets on your resume.
And I apologize for this. This is like a rough draft. I'm actually, I have another updated one that I I'm working on. On my other computer. So let me show you another one. And here's another one right here. This one doesn't even have bullets on it. This is showing you how I'm literally working on this as we speak.
So bear with me here. Let me just put some bullets on it. So it's clear to read. Okay. So this one is CIS control nine, email and web browser protections. What is it? So it's protection of email and web browsers. And this has everything to do with what we talked about earlier, which is making sure that users are educated on things like social engineering.
What is it? How do you avoid suspicious emails and clicking and opening up things that you shouldn't open? Well, how do you put this on your resume? Cause more than likely, if you've done IT for some time, you have done something with this. Now keep in mind if you haven't done this before and you're trying to get into IT.
If you're trying to get into cyber security, this is a great opportunity for you to. What you need to, what experiences that you need to have, what things you need to study, because this is the kind of thing that employers are actually looking for. So let's just go through a couple of these. So one is updated signatures on enterprise antivirus software for proactive protection of 1500 endpoint devices and servers on the LAN.
So we've got a couple of really good keywords here. We're talking about anti-virus software, we gave an impact. Now this is another thing, you use numbers to establish the impact of your actions. Cuz it's one thing to have an action, but it's a whole another to actually show the impact of what you did so that the employer, when they're reading your resume, they're like, okay, this guy does know how to do antivirus, but wow.
They did 1500 endpoint devices. Okay, this person really knows what they're talking about. And another step you can do is actually name the actual software that you used. That's also a great tactic. Because a lot of times, like what I've noticed in right now, I'm actually interviewing for jobs and stuff and they keep asking me specifically, do you know Symantec Endpoint Protection, because that was on my resume. They keep asking about it and have I implemented it?
Have I maintained it? Have I configured it, all those kinds of questions. So you can name the actual enterprise antivirus that you actually use, whether it's Soho or if it's Symantec or AFF or whatever it is, you can name it. So that they'll know which one you're using. And that becomes a keyword as well.
Let's see here: set up DLP technologies like Proofpoint email. See this one. I'm mentioning it. DLP and CASB, Microsoft Information Protection, Microsoft security suite, Defender. So I'm naming a whole bunch of tools here. Tools are also a keyword. So that's something that you should also mention on there.
Okay. Let's keep going. There's a couple of other ones here, but let's go to the last one here. Malware defense. Now most people who are in IT have done this before. So if you've done this, you've gotta mention it on your resume. You've gotta put these security features. Anytime you've interacted with a security control, you have to put it on your resume.
Otherwise, the employer is not gonna know what you've done. So, this is one of the main ones, and most people have done this. If you've done IT, you've updated the antivirus software. You've updated the signatures of the antivirus software. You've removed antivirus on there.
So you've gotta put it on your resume. And this one actually on my, I didn't actually put the, the breakdown of the, of bullets here, but it's on my, this will be in the book. So just stay tuned for this. I just, the reason why I decided to do this book, I took a, a kind of a respite from the risk management framework series because people kept asking me the same questions, the same questions over and over and over again about like, Hey Bruce, what do I put on my resume?
Like what, what do I, how can I get in? I've been doing this for 15 years. I'm working in a job. That's not, I'm not getting paid a lot, but I've been, I have 15 years of experience. And why am I not able to get six figures? Why am I not able to get a better. And then I look at their resume and they're not really talking about cyber security and I'm like, you wanna get a cyber security job, but you didn't mention cyber security on your resume.
And I'm like, you gotta put it on your resume. So they'll send me their resume. I'll take a look at it. And there's nothing on there that talks about cyber. So what I'll do is I'll just put it in some keyword and I'll say, look, this is the kind of stuff you have to do. And now I'm trying to put a book form where I can just give it, basically give it it away, cuz it's gonna be a pretty cheap book.
It's not gonna be expensive, but it's gonna help a lot of people out. So that's kind of what I'm going with this. And I'll I'll let me see if I can answer a couple questions here. I see a couple people join me. Thanks for watching. I appreciate you guys. I know this is not the normal time that I do this smooth virus says 1500 more like 150,000 yeah.
True. True. True. Okay. So let me go to, I had some stuff open here. If it didn't crash on me. We have some questions. Let me see if I'll just answer like one or two. I won't keep you guys too long here. And this'll actually be an audio file. If you didn't know, if you go to Podbean, right?
If you go to Podbean, convocourses dot podbean, that's where my actual podcast is, and I've been putting 'em out daily. So go ahead and check that out. There's a whole bunch of 'em that I hadn't released. So I've been releasing those ones in podcast. Let's see. Let me see if I can answer some relevant questions here.
Okay. Somebody talked about the Kia challenge. I don't know if you guys knew this, but there's something going on where people are stealing Kias using a USB cable. Kias and Hyundais, Hondas. I believe of a certain type. It's called the Kia challenge. Look that up. It's pretty, especially if you have a Kia, Hyundai is what it is.
Kia or hi Hyundai. Let me see, see if I can answer some more questions here. It's mostly about the Kia challenge. Somebody asked me about my book. I probably need to respond to that one. Whoa. Okay. That should have been blocked. Okay. I'm gonna go to TikTok. Let's see if there's some questions here lately.
I've been getting a lot of questions on TikTok. And so I answer these one at a time directly usually, but let me see if I can answer at least one. Could I get into cyber security with just one year of help desk and one of these certs? Absolutely. You can. This is exactly what I'm talking about. So if you, if you have, if you've been on the help desk for a year, more than likely you have done cyber security.
So that's that's, this is exactly what I'm talking about. You have done cyber security before you just have to put it on your resume. If you put it on your resume you, you will. You will get hits. You will get people contacting you about this. And that's what this book is all about. Let me see if I can bring that up again.
Nine, which one? Which version? Okay. I've got so many. That's one. I write, I have a whole bunch of versions. I have a whole bunch of versions of my book where I'm, I'm constantly updating, updating the book and stuff. So let's see set up marketing. I tell you how to market. Once you create an awesome resume with loaded, with keywords and, and lots of action and impact statements, I show you how to market it.
And this is something that's been working for me for many, many years. I've been using the same thing. And what I didn't know that I was doing right is I was using the correct format for my resume. I didn't know until recently it's called ATS style resume, and it looks a little bit like this it's very plain.
It doesn't have any kind of, and that's the thing. My, I had a ugly resume. It's ugly and there's misspellings in my resume. somebody point I was in an interview and somebody pointed that out to me and said, Hey, you know that you have some misspellings here. And they were like, I don't care about that. But you, you know, you might want to fix that.
I was like, wow. And I still got that job by the way. It's crazy. Right. And it's because my resume's dope. My resume's really good. It's loaded with keywords. It's highlighting all the security stuff I've done. This is what an ATS style resume looks like. It's just plain. It's just like, so this is what you'll do.
If you are help desk, you've been doing it for one year. You have to put ATS style resume on your cyber security resume. And then you've gotta mention all the times you've done cyber security. You can't just talk about uploading or installing Windows. It's gotta be what security patches did you put on that Windows device?
How did you help the organization reduce the risk? Stuff like that. And this is stuff that when you're in the weeds, when you're on the help desk, when you're, you're a system admin, when you are firewall, even firewall guys, sometimes they're not seeing the big picture of what's going on, which, which is making sure the security posture of the organization remains at a certain level, right?
They're not seeing the big picture, but you gotta put that big picture on your resume. And the way that you can pinpoint that is look at the actual security controls, the best practices. The CIS controls is one, that's only one. You could look at PCI, they have a breakdown of all the security controls, and they look very, very similar to CIS. NIST 800 is really exhaustive and it goes into super great detail and stuff.
You can also use those too. This one I found is like one of the best breakdowns, because it just gets right to the point. There's only 18 security controls in the CIS version eight. I think version seven, the previous version, has like 22 controls. Either way, it's covering the same ground, all the best security practices.
And that's the stuff you gotta put in your resume. I'm gonna do another actual TikTok of this, where I break this down. And so, so we'll, we'll cover that in greater detail. Bark says I've got lots of work to do on my fed resume. Yeah, man, like this kind of stuff right here is what you wanna make sure you put on there, this kind of stuff right here, these things, if you've done any of these things, you gotta put it on your resume.
and my, my new book is gonna break down, like how you word it for each one of these controls. If you've done this before, give you an idea, like, okay, have I configured data recovery systems? Have I done that before? How do I word that in an, in an impactful way that shows that not only have I done it, but I impacted this organization, I helped them with their security bar says, by the way got your, your RMF book.
Was there a part one? There's a part one and a part two to the RMF books. So let me see if I can bring that up. The RMF book has a part one and a part two, and I'm actually working on a part three, but that's gonna, that, one's gonna take me a little longer, cuz it's, it's talking about SCA or security control assessments.
Let me show you. Okay. I'm gonna show you on two different platforms. I'm gonna show you on audible and then I'll also show you, cuz I've got an audible version of it. If you happen to be driving on your commute, you can actually just listen to it. Or if you happen to be jogging or something, listen to it.
If you wanna know more about risk management framework and the controls and how it's broken down and stuff like that. The other one is Amazon. Let me show you. So if you go to Amazon or you go to audible and you type in just R M F I I S S O and you will find my book, both books. R M F I S S O. Okay.
Let me just show you here what I'm talking about. Here it is on Audible. You can listen to it right now if you like. The first one is very short. It's only like an hour long. It's a guide. It's an overview. Like if you were wondering, like what is NIST 800. If you are crazy enough to like, say, what is NIST 800?
Like this breaks it down in one hour. I break down not only what it is, but how do you actually implement it? How do you, as an information system security officer, I'm hitting it from that perspective, how you actually implement it as a cyber security person. And then the next book goes into greater detail about the controls.
And what I do is I talk about like, here's, here's the controls and here's what you do in with each one of the control families. I don't, there's a thousand controls, so I don't go in all thousand controls. That'd be a super boring book. I also use practical. Things that have actually happened to me in each one of those families, not just happened to me, but happen to people.
I know things that are going, like I mentioned, the, the I don't know if you guys remember the, the colonial pipeline, where does that fit in with the risk management framework? Where does that fit in with security controls? I use real world example. So you can get an exam, a, an idea of what that control family really means.
So that's the two books right there. One's four hours long. The second book is four hours long. So I think it's a really good book. I haven't seen anybody write it like that before, where you are using practical stuff, and I'm kind of doing the same thing with the SCA book. The SCA book is going a lot deeper than I wanted.
I, it's kind of like when you write, sometimes the book goes in its own direction and that's kind of what's happening with SCA. It's just getting way longer than I thought I was gonna get. I'm trying to, I gotta chop it down a little bit. Let's see. Bruce helped me. Land a federal contract job in cyber security management, man, smooth, smooth virus.
I is, is the man. this person I know. I know personally. So the advice he gives you does work, man. It really, really does work. And I only, I only mention it because I've been doing it for years. It's, it's the same tactic I've been using for years. And I, I constantly get work. I'm never, I, I don't have to worry about not having a job because I use this technique and I'm con sometimes I gotta turn the tap off.
Right. I turn it on. And it's like a flood of all of these different opportunities. And I gotta turn it off. I gotta turn the taps off. So it stops. And right now I'm, I'm going through that process right now. And it's something else I'm not actually doing background checks and stuff with a job that I, that I got chosen for bar says, awesome.
I have a good state level experience, but new to fed. Oh, okay. That's great, man. That fits right into the state federal stuff. It kind of goes hand in hand with, I believe state uses NIST, right. Well, some states use the NIST 800 framework. So if that's the case you'll fit right
In there, federal stuff does, does things a little bit different is a lot more details. I, and then smooth virus says I can't get them to stop emailing me. exactly. Exactly. It's crazy. It's crazy. You gotta make sure all of your like monsters, you gotta be turned off, like make the, make your resume invisible.
You've gotta turn off. But what happens is, so what happens? Smooth virus is that the, it works so effectively. He's talking about the, this, this method that I have, it works so effectively because, because when you, when you put the resume into their database, it stays there. it stays in their database for years.
I got people calling me from a resume that went into their database five years, literally five years ago. And they contact me and say, Hey, are you on the market? Like your resume fits this job that just opened up with Boeing or with, with whoever, right. All of these different companies. And they're calling me from five, my resume's five years old in their database.
And sometimes they're like, nah, that's my old resume. Like, here's my new one. Like, here's, here's an updated resume. It really works. Like this technique really, really works. So if you, if you're like really looking for a job you're really trying to level up, then then you should be looking out for this book cuz it's coming soon.
It's coming within the next 30 days for sure. And then I'll have a follow up book where I break down something called a NICE cyber security workforce, where I break down each category, if you're trying to level up from one category to another, or if you're from IT and you want to target a specific genre of cyber security, cuz there's many different kinds, then, then that's gonna be the second book.
And that one, I should be able to knock out pretty fast. I hope. And then I'm thinking about a third book in that series where I'm talking about either remote work, cuz I've been able to remote work remotely for, for over six years now. And then I'm thinking about doing one for entry level, cuz I get a lot of questions on that one as well.
So those books are incoming. First book in the series is gonna be called cyber security jobs resume marketing, and that one's coming real soon and, and it really, really works. It's all about finding patterns, finding patterns and exploiting those patterns and putting that on your resume. It it's like you're hacking, it's like you're hacking the entire system to make sure that your stuff rises to the top every time.
And it's really, really been working for me. Okay. There's a conversation happening here. Let me see. He says, bar says he's, he's got he's in Virginia and he's got a CISSP with 18 years of experience. Holy crap, man. You're about to make some money. If you got the, the CISSP, you're golden. Absolutely.
That's true. Let me see. And he says yeah, I would, if I would, yeah, you'd get around 200,000 or more in, in in Virginia area. Virginia pays really good, especially if you've got a, if you've got Virginia, Maryland, DC, that area, the DMV area, DC, Virginia, Maryland, D D DC, Maryland, Virginia D DMV. Yeah. so much anyway, so that area pays really good.
There's so many jobs in that area pays, pays really, really well. and because there's just so much competition. They they're, they're the ones getting most of the government contracts and it's because there's three level, all the three letter agencies have their headquarters there. NSA, FBI, CIA, all of those.
And some, some other ones, DIA and all, all these other ones have it's like the hub of everything. Then you've got the Senate's there. You know, the Congress is there. You've got the White House is there. Everything is there. So there's all these contractors and subcontractors and there's just this, so many cyber security jobs there.
So, so man, it's crazy. Okay. I got a lot of people. Wow. I got a lot of people watching me right now. Mike VI, how you doing bark? I've got a smooth virus. I've got. Lu Ludwig. Hey, thanks guys. Thanks for watching. I appreciate everybody. And if you guys didn't know if you're caught catching this late, what I'm doing is I'm talking about another book that I'm, that I'm putting out real soon, you're looking at like the rough draft, this isn't E doesn't even have the, the actual right name here, but it's gonna be cyber security jobs, resume marketing.
And this one is gonna break down how you can level up using these proven techniques I've been using for many, many years. And as a matter of fact, people there's people watching me right now who use this technique that I've directly told them how to do it, or they took my course and they did it. And now they're working remotely working where they wanna work, making the kind of money they wanna make.
And that's what I'm trying to help people to do to. Make a whole bunch of mini Bruces out there. So you can, you guys can reap the rewards and the benefits of cyber security that I have over all of these years and not have to worry about the recession or people saying the economy's gonna collapse or whatever, cuz no matter what happens, cyber security is necessary because all of us are relying more and more on information technology.
And the more we rely on it, the more heavily rely we rely on it. The more protection is needed for your, your personally identifiable information, your private information, more more protection on your social security numbers, your banking information, your healthcare information, you name it. Every industry needs cyber security.
So the, the right now, as a matter of fact, there's something like 700,000 jobs that are positions that are need be, need to be filled. That are in the government space alone. So yeah, I'm telling you like it, this is a hot, this is a perfect opportunity to strike while they really need more people.
There's been a huge vacuum of people that have retired gotten outta this career field. A lot of boomers are getting out because they're, you know, they're 60 plus they're kind of getting, getting out, going retiring and stuff. So now there's this huge vacuum of people who are come, who need to come in fresh blood is needed to, to make this system work.
Mike bill says I'm in school doing cyber security and cloud. That's awesome. Mike, I would, I would highly suggest getting a cloud certification. The AWS cloud practitioner is a really good one. I would come outta school with that. And then. As much as you can, Mike, if you can get some kind of experience under your belt while you're in school, that would be awesome.
Get some sort of experience so that when you, you are already starting to fix your resume up, right. And the things that you need to do, the kind of stuff they wanna see on your resume. I mentioned in this book I break it down like how they wanna, how they wanna see it and all that kind of stuff. It's these controls because the name of the game was cyber security.
It's all about it's all about implementation of cyber, of cyber security controls, and actually physical controls and management controls. It's actually quite a bit of different types of controls that you can, if you've ever done an example, like to, just to give you an umbrella of like what kind of controls that they wanna see, not just technical controls, not just firewalls, not just audit logs, but it's also physical.
If you've ever done a physical security control assessment, that's one. If you've ever done a wireless scan, that's one, if you've ever done inventory on a network and, and made sure that the organization has a baseline of, of all of their software and hardware, that's the first two right here. The first two are inventory.
You wouldn't think this is a security control, right? But if you've ever taken accountability of all the assets, assets, meaning their computers, their servers, their workstations, their laptops, their phones, and made an inventory, a list, and you've maintained it in a database or whatever, whatever have you.
If you've done that before, that's actually a cyber security controls. So you gotta put that on your resume. And before you get outta school outta school, Mike, if you can try to get work, I'm working in the college as a as a front desk. That's awesome. If you can get some cyber security under your belt, some kind of, if you help them to.
For example, update their virus definitions, like say you, you have a desktop right in front of you. You help 'em to upload their virus definitions, put that on your resume because you can literally name the school and say I updated, you know, X amount of systems with the, or I've I up updated a critical system with the most current signature for McAfee antivirus, whatever.
Like you could put that on your resume, start building your resume before you even get outta school. Because the most important thing when you get out is gonna be your experience. Yeah. Your degree is great. Like you have a bachelor's degree, especially if you have cloud experience, another thing, build a cloud server before you get out and that's something you don't even need the school for.
You can build a cloud server and get an AWS practitioner, cloud practitioner certification, and you put that on your resume. If you can help the school do any kind of cloud stuff, put that on your resume. I'm in the CCDC team. Yeah, man. That's awesome. What, what does that stand for? CCDC team, is that computer department?
What, what does that stand for? Okay. Somebody says, how can I work as an ISSO without a clearance? So O Omo. So there are jobs, and back me up if you guys know what I'm talking about here, there are some ISSO jobs without security clearances, but they're, they're rare. And I personally have worked a couple a job, actually, right now I'm interviewing for a job where I already interviewed for it.
I got the job. I'm just doing background check, but there's clearances that are not security clearances. I mean, not secret clearances or not TS/SCI clearances. There's one called the public trust. Public trust is like a lower level a lower level security clearance. So. You, you, you know, you, there are jobs where the ISSO doesn't have to have a security clearance, but there's also jobs where the
ISSO can have a public trust, which is not as high level as a, a secret clearance or a TS/SCI, and it's way cheaper for them to do that particular type of clearance where they'll bring you in and, and they'll give you that public trust clearance. That's another thing. Another thing is that when you get into those jobs, what they'll do is sometimes they'll pay for your, your SSBI, your background check.
And then you can take that background check to the next job, your clearance to your next job, and then you get paid a little bit more. It's National Collegiate Cyber Defense Competition. That's awesome. Put that on your resume. Put that on your resume. Is do as much as you can, before you get out, you probably give a, get a job before you even get out.
If you start right now, Mike, if you, if you, let me tell you something right now, you can put, you can list the credits that you already have from your degree on your resume. Right? Then you can put that you're on the national collegiate cyber defense competition, and then the accomplished event that you guys have done any kind of any time, you've helped them with their help desk issues, troubleshooting, adding updating patches that kind of thing.
Put that on your resume. It's just a matter of wording it properly, put that on your resume and then put that resume up on LinkedIn. Now it's not gonna have a lot on it because you're just now getting into this field, but I guarantee you, if you put that on Monster, on Dice, on LinkedIn and at least 10 other sites, as you're building your resume, you will get contacted.
You could have a job before you even leave the college. You hell it might even be so good that you say, Hey, you know what? I'll come back to college. I'll finish this later. I'm and I'm being completely serious. You'll get offers if you actually do what I just told you. Let me see. Okay. Focusing on the third risk management jobs, I'm focusing on the third party risk management jobs since I have no clearance.
Okay. Is that pretty good? Sounds like that's pretty good money. Like risk management job, third party, risk management job. You could still get security security control assessment jobs, and those pay really good if you're doing like third party risk, risk assessments and stuff like that. That, that, that could do too really good.
Now, om old, if you don't mind me asking, why don't you have a clearance? Is it, are you not eligible to get a clearance? Are you not a citizen? Because I know that. In order to be eligible, to get certain clearances, you have to be a you have to be a US citizen for certain clearances. And I don't, I think public trust, you don't need a clearance, but I could be wrong.
I mean, you don't what I'm saying. So I think for public trust, you don't need to be eligible. You don't have to be a a, a US citizen, I believe, but I could be wrong about that. Let me see. Okay. And then smooth job, smooth virus, just, he confirmed what I said. I'm completing my bachelor's degree now.
I got the job, even though I'm not done yet. Exact. That's exactly what I'm saying. Like one time I give you another example, Mike, when I I got outta the military, I had experience doing the work, but I didn't have all the requirements. I had a degree, but I didn't have, I didn't have a I didn't have the CISSP yet, but because I had the experience.
They said, Hey, you know, I sat with, through the interview, they love me. And they're like, listen, we want to take you. But only thing is this job requires a CISSP. Can you get a CISSP within a year? I said, I said, yeah. And they said, we'll, we'll, we're gonna send you to a bootcamp. So you can get this, this certification and we'll pay for the certification, but you gotta get it within a year.
I said, yes, I'll do it. So there's flexibility. Like, even while you're in school, if you start to build your resume and market yourself, like I just told you, you can start getting a job. You could actually get a part-time job, making really good money in IT and cyber security while you're finishing your degree.
And actually the company, a lot of times, they want you to finish that degree cuz soon as you, you you're done with it. They'll be like, okay, you're a supervisor. Okay. We gotta pay you more. We're gonna put you over here. They'll do that from time to time because they really need people who, who know what they're doing.
They really need people who, who are willing to work and do this and level up. Let me see. Almost says I'm a citizen, man. Then what is happening? Why don't you Somo? Like if you're looking for security clearance then what you could do, one of the things you can do is especially if you live in the east, on the east coast, they have a lot of jobs that require security clearance.
If you have a skill set, you said you, you work as a risk management framework person, third party, but you don't have a clearance. You could get a job, even if it pays a little bit less, right? And, but they're willing to pay for your clearance. Listen, it will be worth your time to work there for about six months, work there for about six months, have them get your clearance take as long as it needs for them to get you a clearance and then bounce, roll out and go to another place and be like, Hey, I got my clearance.
And by the way, I'm a risk management framework person. They'll pay you more money. Like you'll. They'll pay you more my hell after you get the clearance, they might even, they might even update you. They might even pay you more. It says I'm doing things backwards too. I'm in the healthcare and got a Security+ and plan on going to get my master's in cyber security.
That's awesome, man. Like healthcare has so many great so many great opportunities because there's just such a huge need for healthcare professionals. People who are well versed in the healthcare industry to be cyber security or IT people right now. And I can just give you one example of what I'm talking about.
Like it's, it's so crazy right now. Let me just show you what I'm talking about. Here's my book right now. If you guys, my book's right there. If you guys are trying to learn risk management framework, it's those stuff it's blowing up. Let me see. So let me, let me just take you to this site. This is a DISA site.
I'm gonna take you into a disa.mil site. Now you might be wondering, like, what does that have to do with healthcare? I'm about to show you, this is how crazy healthcare is. So I just typed in disa.mil at 8140. So let me just show you to this site. So 8140 and 8570 is like it's like a breakdown of all the approved certifications that the Department of Defense and by proxy, some of the federal government actually uses to say, okay, these are approved certifications.
So what I wanted to show you is this right here. See this right here. What's that say? You see that this is on the approved list. This is an IAM Level II. IAM Level II means information assurance manager level two, which means it's it's, it's a fancy word for information security or Infor or cyber security for information security
management, and it has HCISPP. And I don't know if you've ever heard of this certification, but let me, let me show you something here. So if you type in this particular certification, I happen to know that this one specifically for healthcare and it's coming from the (ISC)². (ISC)² is the top organization, arguably the top organization for security certifications because they, these are the guys who do the CISSP.
Now they have one called the HCISPP, which is for healthcare security certifications. I mean, professionals. And it break. Let me show you the breakdown of this. Like, if you didn't know about this one, this is this, one's hot, this one's hot, especially if you're in the healthcare industry. So this is the kind of stuff that's on that they expect you to know as a HCISPP.
And it's, HCISPP is ideal for information security professionals charged with guarding, protecting healthcare information, PHI, protected healthcare, protected health information, including those in the following positions. So if you happen to be in a compliance officer, information security, privacy officer, risk analyst, health information manager.
If you do any of these things, they're saying, Hey, this is good for you. And see, it's listed right up here with the, with all the big boys, all these CISSP and the CAP and all these other ones. I didn't know about that. Thanks for sharing. Yeah, this is a, this is a really, really good one. Now, recently, if you happen to be entry level, this might be for Mike right here.
Entry level, the (ISC)² recently created this one right here. This is exciting. I think this one's gonna be listed on that approved list. It's the entry level certification for cyber security people, which is, which is crazy. They're trying to compete with Security+ I think, but yeah, anyway, back to our subject.
So we're talking about this one though. So this is CRA, this is crazy. So you just recently added this to that Department of Defense's, the list of certifications. That means this certification is about to blow up. A lot of that means a lot of contractors, a lot of recruiters, a lot of HR departments are gonna start listing this as a requirement at major healthcare facilities, so that you have this certification, you get this, something like this under your belt.
And the thing is if you've been doing this and the healthcare field for some time, You might, you might just blow this test out of the water and then they have a breakdown of topics. So you gotta, I think you have to give them your, your information. They'll send this to you and, and you'll have their newsletter or whatever, but they have a breakdown of the domains, which I'd be interested in to see this right here.
Oh, here it is right here. Okay. Sneak peek at the domains. Here's the chapters. Third party, risk management, introduction of healthcare industry governance, legal risk compliance. Yeah, really cool stuff. Really cool stuff. It's they're saying it's already ranking in 39th among security clearances. I don't know about that, but that came from certification magazine.
Okay.
Yeah. So that's, that's really good stuff. Exciting times if you happen to be in this field. It hasn't always been like this. It's it's really hot right now. There's so many, there's so many job opportunities. And I just want to show you guys this this little before I let you go. There's so many jobs that they're looking for recently.
This is from July 1st, 2021 of last year, all the way till now this is from July 29th. The white house is pushing to fill 700 700. This is real. They're pushing to fill 700,000 jobs in cyber security in the United States. And what they're doing to do this is they're getting with all kinds of all kinds of private and public and nonprofit organizations to, to teach this.
That's how they have a whole bunch of free courses out there. They've got a bunch of, of, of organizations that are trying to get entry level people in cyber security. Like I believe Booz Allen Hamilton did it. And they go really fast. Like as soon as they list that job, it just, they jobs just start going really fast.
So the 700,000 job thing is real. Yeah, this is real, man. This is, this is coming directly from the, the, the White House, like the White House at a summit last month where they said there's 700,000 cyber security jobs we wanna fill across. I think what they mean not is not just the federal government.
I was, I think I misspoke with that. I think they mean throughout the United States, there's 700,000 jobs. And the reason why is cuz there's heightened, there's a lot of stuff going on behind the scenes. Like governments are starting to attack each other. There's a huge cyber war going on right now. And so that's why you're hearing about all these leaks and all of these.
All of these hacks and stuff, because a lot of companies and a lot of banks and a lot of healthcare industry facilities and stuff, they don't really have appropriate. They don't have appropriate security measures and what's happening is they're, they're soft targets. And and they're going to these hackers.
There's there's criminal gangs. There's some that are backed by, by government state state governments. There's some that are backed by you name it, criminal organizations, just that you're just trying to get money, whatever it's a free for all right now. And there's, and we are, the US is the biggest target because they're the ones holding all the money right now.
So, you know, they'll go off to a bank cuz they know a they know what the healthcare industry will pay. Like if they get you, did you hear about the one in LA? Like the LA school district? Somebody tried good on LA school district. They, they were able to they were able to protect themselves, but yeah, some, some hacker group went after LA school district.
Let me see if I can find that one.
Let me see if I could find that one. This is crazy. So yeah, the, they, somebody went after hackers target Los Angeles school district with a ransomware attack. They tried to get 'em on a ransomware attack. This was recent. This was like yesterday or something. Yeah. Look at this. September 10th. Yeah. Okay. So four days ago, hackers target Los Angeles school district with ransomware attack.
And luckily the, the school district was prepared for it. This is kind, this is what's happening. This is what's happening across the board because we're, so we've got so many soft targets and It's just, it's, it's sad to see, but that's why there's so many job openings for cyber security. And the white house is pushing this huge initiative to you know, to get more people, cyber security analysts, information system, security officers even, even things like program managers.
They probably lump those, those people in there program managers are super critical to, to doing things like security and engineering. So they are part of our team. Let me see, basle says, I'm looking to get into this field. Can you let me know what I could study or brush up brush up with? Okay.
So here's, here's what I, here's one of the things that I show how to that I would suggest. Okay. And this is just my 2 cents. Like some, there's some gurus out there who are, will tell you something totally different. This is the first certification that I got from CompTIA. CompTIA has one of the best curriculums out there.
Some people really hate this certification, but you know, the market doesn't, if you have the certification, you can get hired somewhere so people can hate on it all. They want just like ch people hate on ch, but you know what? That will pay you. And this one, if you're an entry level, this is where you can start.
And so one thing you should know is that certifications, you can't just get a certification and magically get a job. Okay? It's not, that's not how it works. Like you can't, if you've never done any it work before you gotta put the work in to learn the material. But what I'm saying to you is that even though these these, these certifications are made to validate the skillset and knowledge that you already know, or the experience you already have, you can use it as a curriculum to learn.
And, and that will get your foot in the door. Now don't focus on the prize so much as the process itself, the process of learning this material in such a way that you can level up and start to actually do this work and, and get yourself an entry level position that doesn't require all of these different high level requirements.
So you go through this and you go through the curriculum of this, and it's gonna show you things like hardware, operating systems, how they work, software troubleshooting, network, networking, troubleshooting, security, virtualization, a little bit about cloud stuff, mobile devices. Those are kinds of the things that you're gonna see on this test.
But bef like before you take the test, you want to actually go read the book, break it down. Learn about it, put it on your computer. You can use VMware to learn it on your own. Like you could have a virtual environment right here, right on your computer. You can set up networks in your house. What, what I did when I first started doing this, I would build computers.
I would, I would buy the components, build the computer, cuz it gets you exposure to the hardware and let you know how the software works with the hardware with hands on experience, nothing beats hands on hand on hands on experience. So if you can get virtual virtual networks from things like GNS3, that's another thing you can use once you get this certification.
Like what you wanna do is study there's. This is two tests. This is not an easy test by the way. Now, if you're not very proficient, if you're not very savvy on on computer stuff, what you can do is go to comptia.org and go to ITF, ITF+, if you wanna. This will tell you whether or not you should even take
any of this, like, whether or not you wanna do this. A lot of people chase that money, chase the stability of IT. So you, you might not even wanna do this. You know what I mean? Like this right here kind of dips your toe in the waters of IT. So when I keep you probably I think IT, Bruce, I don't care about IT.
I wanna do cyber security. I know, I know. I know. I understand. But I, cyber security stands on the . You have to know IT before you get into cybersecurity. IT, cyber security is IT, information technology. All we're doing is it's. It's like one it's cybersecurity is multidisciplinary. All right. So for cybersecurity, you're you're expected to already know information technology, that's basic computer stuff, hardware, software troubleshooting, things like that.
So this something like this is an entry level. That's gonna tell you the terminology, the basics of information technology, how it works before you get into the hardware hardcore stuff, which is A+ certification. A+ certification is, is actually no joke. It's it it's, especially if it's your first certification, it's not easy.
So it was my first one and it wasn't easy for me. So it was not easy cuz you have to learn all the terminology and they're just throwing all the stuff at you and stuff. So like now if I went back to it, I'd be like, okay, I know this. Yeah, I know this, I know this, but if you're coming on there cold, A+ is not an easy certification to take cold.
It's not easy to take cold. It's so much terminology that you have to learn. So. After you take, let's say you, you got, you went through all this curriculum. You listened to Bruce's live and you like, man, this guy knows what you're talking about. I'm gonna go ahead and study for A+. You got a book, you broke down the book, you took notes on it.
You took the test, you passed it. Another thing you could do, I'm just gonna tell you three different certs. You should do that. I recommend there's another one called Google. This is, if you don't know, if you don't have a degree, if you Mike is already getting his degree, he's already like he should, he could probably do go straight to professional level certs if he wants, because he is about to get a degree he's in UND himself in this world and everything.
But if you happen to have no degree, you're doing us all from scratch. Here's another one you can do. And you can do this one. If you're in college too, it's no big deal, but here's one called the Google support IT certification. The reason why I would recommend this one is because a lot of people are taking this certification with no degree going in.
And, and making and making this kind of salary right here. This is what people are telling me. This is what my users. Now this is anecdotal information. I do not personally have experience with this. This is all new to me. In my experience. You, you can't get into these fields without experience, but I stand corrected cuz several people have contacted me and said, yes, I got this IT support certificate and I'm making X amount of dollars.
So this is another one you can do. If you're trying to bypass the degree programs and stuff. I, this is no guarantee that you're gonna get anything. Okay. But I'm just telling you anecdotal information of people contacting me saying I took certification. I'm now making X amount of dollars, not a hundred thousand, but it's pretty good money.
And it's entry level. They're doing entry level work by the way, another certification. Here's the hottest. One of all this one, whether you're in, whether you are in a degree program, whether you are have five years of experience. Whether you have a CIS S P, whether you're coming in off the street, you used to be a sanitation engineer, and now you're doing this.
I recommend every person take this one. Every person, every man, woman, and child dogs, cats living together, all of everybody should take this one. Okay. It's called the AWS, if I could type, cloud certification practitioner. So there, and let me, I'll just explain why this is, this one's so important. Okay.
And I went to the wrong site here, went to the wrong site. I'm trying to go to actual TMY is a good, good place to actually learn this stuff. I don't teach cloud yet. So TMY is a good place to prac. But anyway, here it is right here. AWS cloud practitioner. This is why this one's so important. Everything is going to cloud.
If you use Google, any Google services you use in cloud, Gmail's using cloud YouTube's using cloud services. All streaming uses cloud Netflix uses cloud everything's on the cloud right now. Everything is on the cloud. And AWS, Amazon is the leader in this. So Amazon's the leader in this. Amazon is killing it.
Like Amazon owns something like 30% of the total market share for a cloud. They, they own most of the government stuff in cloud. They, they they're their only competition really that's that's close is Azure from, went from Microsoft and, and Google Google itself. So this, this certification is not hard and, and everybody should know at least this level of knowledge and here.
And here's the reason why I say this. I just had I'm in the process of getting a new job. Okay. And I, I. L literally hundreds of screeners contacted me and it's just annoying. And I need to turn that crap off. But out of those hundreds of screeners people calling me, you know, really quickly, like it's like a quick interview, not even in interview.
It's like let's see if you qualify for this. Anyway. So out of those hundreds of screeners, I had five interviews. I had five interviews. Two out of those five, I have two that are potential one and one I'm act. I actually, they gave me an offer. They gave me a job offer. I said, yes. And now I'm going through the background process.
I say all this to say, going back to the cloud thing, is that out of those five interviews, four of them asked me about cloud. And some of them went pretty deep on it, and you gotta know cloud. So if you happen to be in an environment where you can learn more cloud stuff, learn it. Because, regretfully, at my last job
they were trying to force cloud down my throat and I didn't wanna do it. And I just kept dragging my feet about it, and looking back, I wish I would've just done it. I wish I just would've at least taken this AWS cloud because they were asking me a lot of cloud questions. And I really didn't know.
I really didn't know 'em. You gotta learn cloud. So I would. And another thing about this AWS practitioner is that, look at this, it's a hundred dollars, it's 90 minutes. How hard is this? This can't be hard. It's 65 questions, multiple choice. I mean, Pearson VUE. This has gotta be easy. And I'm gonna take this test, period.
They asked me way too many questions about it. It's getting way too ridiculous. I need to know more about cloud stuff. I need to be able to speak on it. And I was not able to do that. And so four interviewers asked me about freaking cloud stuff and I'm like, damn, like I really should have got more information on this.
I don't even do cloud. I'm doing information system security officer type stuff. That's the jobs I was going for. And they keep asking me about cloud. I'm like, damn, like, can you ask me more risk management framework questions? Like why, what's cloud? Like, I mean, I have some exposure to it, you know, like FedRAMP and stuff like that.
But they were asking me like, how do you set it up and stuff? I'm like, what? What's the difference between a PaaS and a SaaS? I'm like, oh my, what? That kind of stuff. Basic, really basic stuff, you know, cloud, but I didn't know it. So yeah, check this one out. Somebody asked me, do you have a resume template?
I do. So if you go to my site, I'm working on having like a complete breakdown of several different resumes and resume samples and stuff and ATS format, but it's gonna take me a while to do. I gotta get off this call so I can go do it. But if you go to my site convocourses.com and you go to all courses, here's some of my stuff, books, new stuff that I put out, free stuff.
What you're gonna do is you're gonna go to resume marketing. I have a course on resume marketing, the stuff that I'm writing in a book. I already have a course for it. And it works really, really good, but if you want the template, I'm making it free for now. Okay. So if you happen to be watching this, you are, you are in luck because I'm, I'm telling you free stuff.
That's out there right now that I'm probably gonna make. Not free. So if you go to this right here, just sign up is free. Okay. So number one, you can sign up right now and it's free to sign up. When you sign up for free, there's a ton of free stuff. You can download, you gotta go search for it. There's like, see this free preview stuff like that.
You gotta go through there and it'll have free stuff. This, this one has a downloadable for, for my resume has an actual down here it is right here. See this right here. I don't know if you, I don't know if you can see this. So all you have to do is, is if you sign up, you'll get that one for free. You'll get that one for free.
That's the template. Not always gonna be free. Some of the stuff I'm gonna I'm I'm gonna make it. I'm gonna make it paid, but for now it's free. So yes, the answer is yes, I do have a resume template. I'm gonna make a lot more. They're gonna be linked from the book a pipe. I don't know if I'll make 'em free or not.
I'm not sure. Probably, maybe initially, I, I don't know, but stay tuned for that, but in the meantime, there's an ATS style resume that's out there. And thanks a lot smooth virus for your testimonial. I appreciate that. Okay. That's it guys for this one. Thanks for watching a lot. I got 15 people watching me here.
I'm knowing how many people watching me on Facebook, but thanks for watching. Anyway, I'm gonna make this into a podcast. So stay tuned for that one. If you wanna listen to this again or whatever, it'll be out there. If you didn't know, I've got a podcast site. It's on convocourses dot Podbean, I gotta get used to saying this, convocourses.podbean.com.
Here it is right here. Here's everything. Here's all my podcasts. If you're interested in just listening, I got more coming out. I've been trying to crank these out every day. Not easy to do, but here. Somebody said, I'm sorry, can you show me where to navigate? Okay. Go to convocourses.com. Convocourses.com.
I'm working on making this its own separate link, but for now I gotta focus on writing this book. Okay. So go to all courses and then go to the course where I talk about marketing, cyber security marketing, that breaks down what you do on a resume. And on here, I have a free resume.
If you sign, you can sign up for free. You can sign up for free. Okay. This says $145, but you can sign up for free, totally free. And then what you're gonna do is go, if you sign up for free tons of downloadable, see this one. See, this is free. You'll see this free stuff happen. I mean popping up if you go to resume here, that's where it is right there.
ATS resume sample. I've got a whole bunch of other stuff coming, but I'm right now currently working on it. Like, obviously I'm in this live right now, so I can't do that while I'm in this live. So I really gotta let you guys go. Thanks a lot for watching. I appreciate everybody. Tony, long time
no see. I'm outta here guys. Thanks everybody for your questions. Thanks for.

Thursday Sep 15, 2022
check out: convocourses.com :
the cybersecurity jobs: resume marketing book is coming soon!
Hey guys, this is Bruce and welcome to another podcast of Convo Courses, where I'm gonna be talking to you about how to get in cyber security and how to market yourself. If you're interested in getting into a career field that's gonna grow in the next five years, probably double to what it is right now, where you have job security, and I've never had to worry about whether or not I'm gonna get a job.
If you are wanting more job security, then this is a great field to get in. And you're talking to somebody who's been doing this for 20 years. I'm speaking to you from inside the industry. All right. So if you have any questions on Facebook, on YouTube, on TikTok Live, on podcast, then this is a great
time to ask any of your questions regarding IT and cyber security. So let's keep it to that. I'm not interested in anything having to do with anything except cyber security. So let's just keep it to cyber security questions. All right. That being said, let's get into this. If you didn't know, I am the owner and proprietor of convocourses.com.
It's a site that teaches you how to get into cybersecurity. And specifically, where I'm the subject matter expert is something called security compliance. Security compliance has to do with, if you've ever gone to a bank, if you've ever used a retail, if you ever used a point of sale device, if you ever gotten a card from the DMV, like all of those things require something called
security compliance. That's the rules and the regulations that go into an organization's cyber security. So not necessarily implementation of the cyber security, like firewalls or IPSs, IDSs and all that kind of stuff. Not the technical implementation, but more like, how does this organization, whether it be a bank or your hospital, or Target or Walmart or whoever, how do they comply and keep security on their systems?
That's what I do. And that's what I teach people how to do. I've been doing this for a very long time, specifically for the government, the federal government, but I've also done it in the private sector and I've done it in for states. I've done it for a little bit for other countries when it pertained to the us.
So let's get into this. So we've got Convo Courses. I also wanted to tell you that I'm doing real steady podcasts on Podbean. If you wanna get some information on that, just go to convocourses.podbean.com. Join me there. I'm doing lives every week. I'm putting out more content.
If you prefer to listen to this, or if you're at your job and you wanna listen and learn and stuff, this is a great opportunity for you to do that. And I'm open to any kind of questions you have specifically to this genre, to my area of expertise. And one of the good things about this community is that if I don't know something, somebody in this community is a subject matter expert on that thing.
And that's one of the things that I personally love about this community that we've been building. So let's get into this. I also wanna let you guys know, I have a book I'm gonna be breaking down and giving you a lot of the stuff that's in this book. Okay. So if you actually stay tuned for this, I'm gonna actually break down exactly how to market yourself, how to get in this career path and how to level up if you happen to be an IT person.
If you happen to be a, a cable jockey, a person who's laying cable for people doing internet stuff. If you happen to be in areas like healthcare, if you happen to be in stuff like banking, this is a really good opportunity for you to transition into a career field that pays better. That has more security and has a lot of opportunities for the next 20, 30 years to come because cyber security is not going anywhere.
Okay. And it's not all super technical. That's another misconception about cyber security that I like to dispel. All right. So let's get into this. Let me show you guys what I've got going on. I'm writing a book right now that breaks down one of my main questions. So one of the main questions people ask me on TikTok, on Facebook, on YouTube,
everywhere, is: Bruce, how do I get into this career field? Like I've been trying for years, maybe I'm in IT. Maybe I'm in the hospital. Maybe I'm in healthcare, I'm in this other industry and I'm trying to break into cyber security. I'm trying to break into it. So what I'm doing, if I could actually switch this thing over, let me see.
So what I'm doing is a book where I'm gonna tell you how to get into cyber security and IT. This works also for any other career field as well, how to get into it and how to market yourself in this field. This is something that I've been using for years. This is not theory for me.
This is something I actually do in practice all the time. So it's gonna be a series where I'm gonna add lots and lots of value to you over the years as I release these books. But let me just get right into this. Okay. So here's the sections of the book. What I'm telling you is, first of all, the expectations, what I've been able to do successfully, and then I break down all of the steps you're gonna take to actually put this stuff on your resume, particularly if you are in IT. If you're in IT, the good news is you can very quickly ramp up to cyber security by putting certain things in your resume.
So one of the things I talk about: how to do an ATS-style resume. ATS-style resume means application tracking software. This is what most employers are using these days. If you happen to be putting your resume out there and you're not getting any traction, then it might be because the resume style that you have is not correct.
And sometimes when you put your resume out there, if you make it harder on the employer to actually take the data in from your resume, you know, they might look you over and look for somebody else. So I'm teaching you how to, in fact, I'm just giving you a template. If you go to convocourses.com and look for my course, it actually has a free template you can download right now that has the template that I use,
that's been successful over the years. So that's what I do. I tell you, look, here are the tools that you need to set up for this. Here's the places we're gonna be posting your resume. And one of the main key features, aside from the format and telling you how to do all that stuff, is I actually show you how to do the keyword research.
How do you find what career path to do, 'cause that's a really important thing. You need to know what path you're doing because here's the thing. You can see there's misspellings in this book. This is a rough draft. Okay. What I do is I just write it as fast as I can. I take all the knowledge and I dump it into this book and then I go through it like two or three times and edit it myself.
Then I give it to an editor. So that's why you might see some misspellings. There's some errors in here. Just ignore that stuff. That's gonna be cleaned up. As I release this, it's gonna be released on Amazon, on my personal site, and then I'm gonna advertise it everywhere. Anyway,
what I'm gonna show you how to do is how to find a specific category of cyber security. 'Cause this is one thing that some of the gurus out there and some of the subject matter experts and some of the pen testers and stuff, they don't talk about this. And one is that this is a huge career field. Cyber security's huge.
So you don't have just pen tester. You would think that cybersecurity is just a bunch of people in a closet hacking stuff. And that is not a, could not be further from the truth. This is actually a huge career field and it's getting deeper and deeper. And just to give you an example, like in my book here, I'm, I'm breaking down some of the categories that's coming from the government, the government broke down this what they did was they had this initiative where they broke down all of the main career paths of cybersecurity.
It's called the National Initiative for Cybersecurity Careers and Studies. I know that's a mouthful, but this is what they called it. Take that issue up with the government, why they name stuff like this. But also known as NICE, NICE cyber workforce. If you Google that, you'll find what I'm talking about right here.
So what I'm doing is breaking this down in a practical way that you can use this. So it breaks down things like Securely Provision. So what does that mean? That's like people who architect and design secure systems. And then you got Oversee and Govern. That's kind of what I do. That's making sure that the system is secure, making sure that we manage the security and manage the risk associated with that system.
And it also goes into legal advice and then program management and all that kind of stuff. So as you, you could probably tell that that's not super technical or in the weeds or hands on type stuff. That's more like organizing, make sure the organization itself as a whole is doing what they're supposed to do.
So cyber security is a huge field. Another area that we talk about is the, the hacking and the defense and actual people who are on the system you know, on the actual firewall, doing the configuration, putting the rules in those guys do exist. You know, I'm not saying sitting here saying that they're irrelevant or they don't exist.
I'm saying this field is so huge that you've got people who are way in the weeds, all the way down to the mathematics. Right. 'Cause you've got people who do cyber crime investigations, forensics. You also have people who are doing cryptography. So that is also considered a part of cyber security, by the way.
And this thing that breaks down all those different areas that you would find these different these different categories. And then it breaks it down even further into specializations. So what my book is doing is gonna do and what I'm gonna show you how to do like a practical way to do this for yourself right now is what they do is they break it all the way down to work roles.
And then once you figure out what work roles, the first thing you gotta do is figure out what part of cyber security you want to go in. 'Cause it's not enough to say I want to go into cybersecurity. You gotta be like, I wanna be a pen tester. I wanna go into cryptography. I wanna go into forensics.
I want to go in. I wanna do what Bruce does. I wanna do information system, security officer work. I wanna do compliance. You gotta be down to that granularity. And the only way for you to get there is for you to do some study on your keyword. Right? So that's one of the things I break down in this book.
Now what I'm gonna do right now is show you exactly how I do this. So what I'm gonna do, like live right here right now. Let me just switch my screen here on TikTok. So what I'm gonna do right now is show you what I do. Okay. So there's three main sites in the US, okay. Three main sites. And this is different, by the way, this is different for each country.
If you wanna work in another country, you have to find a whole nother set of sites to go through. In the US, there's a top 10 group of sites that work the best. And the top three is gonna be LinkedIn, Dice and Monster. So those three sites are the best sites that you can go to, but there's like 10 or 20 others that you should definitely apply to.
If you're trying to get a cyber security job, if you're trying to get really any job, cuz those are the top sites. Now, if you're in the nursing, if you are doing something completely different, like sanitation engineer, if you're doing something completely different, like civil engineering, there might be other sites and for your industry that are better for you, but you gotta do that research.
I'm talking about cyber security. I'm trying to get you prepped to get into this field in cyber security, by knowing not only the key words, but also the top sites. Now the top sites that we're talking about are Monster, LinkedIn and Dice. And Indeed is another really good one, but these are the sites I'm gonna show you real quick.
So once you do your resume all, so once you, first of all, the first thing you need to do is figure out what keyword. Right. So let's say you did your research and you know, I want Bruce, I wanna go into forensics forensics. I'm gonna show you real quick, how you can find keywords for forensics. If you didn't, if you didn't know a lot about it, if you hadn't done research, if you're just starting out, you just go to the search engine and type in forensics.
Now this is a very broad field. Like forensics itself is super broad. If you ever watch that show CSI, they don't really talk about computers much. They talk about dead bodies and extracting the maggots from the bodies and stuff like that. I mean, that's kind of a crude thing, but that's exactly what they talk about, entomology and all that kind of stuff.
We're talking about computer science. So let's type in slip forensics computers. Now I happen to know that they call it digital forensics, but let's say you didn't know that. So you, I just typed in forensics and. See why? And it automatically came up with some keywords. This is how you do it. Now this works
if you're doing this with cyber security analyst, if you're doing information security officer, information system security, period, cloud security, anything, any kind of subject matter you wanna do. This also works for any other field you wanna be in. You just type in a little bit.
And it starts to come up with some of the key words. So let's type, let's look at this one right here, computer forensics analysis. This is leading us down a rabbit hole of all the security keywords that we need for this particular career path. Now I'm gonna go ahead. I'm on monster.com, by the way. And now I'm searching for this career, but now where do we get the keyword?
Once these jobs come up, I'll show you. So, another thing to note is the salaries. Now, if you didn't know, this salary is for information security analyst and they don't always sell the name. You notice the names, none of these are saying forensics. That's because that's, that's how this works. Like if you go into whether you're doing cryptography, whether you're doing whatever, it doesn't always have the exact name of the title of the role, the work role that you want.
And that's why it's very important for you to do the research on your own to figure out what is in this career path. Okay. What are the key words? You can see a pattern already: information security analyst, information security analysts, cyber intrusion detection analysts. These are all analysts, right?
Let's look at this one. Cyber forensics analysts. So all of these jobs have analysts work in them. Okay. That's why all these are coming up. The key words are gonna be in the responsibilities, the requirements and the skills, and sometimes they'll have, okay, yeah, desired certifications. Just off of this right here,
we can get the DNA that's associated with this particular job role, this work role, right? Just off of this one thing right here, we can pull a lot of different gold out of this right here. Now let me just show you what I'm talking about in the responsibilities. What you wanna do, you wanna read like four or five of these to get an idea of what this job is all about.
First of all, cuz you might not even want to do it, right. You might have watched a CSI one too many times and you're like, oh, I wanna be a hacker. I wanna be, I wanna do forensic, like. It's the job is rarely what you think it is. You know what I mean? So you, you definitely wanna do your research and if you can talk to some, somebody like myself, who's been in this field for a while and ask their, ask them, like, how do you like it?
You've been doing this for 20 years. How do you like doing this job? Is this something that you think I should do? What are the pros and cons? Those are the kind of questions you really want to ask. Let's get back into keywords. So if we're looking at keywords here, I'm seeing a couple off the top of my dome right here.
If you see words like this, that you don't know what the hell it is, PCAP, that's a key right there. If you see, there's a couple key tasks in here, stakeholders. There's a couple of keys in here already, but you wanna read through responsibilities 'cause you might not even wanna do this job: collects network device integrity data and analyze signs of tampering and compromise.
Okay. So signs of tampering and compromise is one of the things you do as a forensics guy. Now let's get a little deeper into this: desired skills. Look at this. Now this is a gold mine of all kinds of keywords. See all this stuff right there. These right here are tools. It says you need to be experienced and proficient with the following tools: EnCase, FTK, SIFT.
These are all tools of the trade for a forensics guy. Very important. Like just like a plumber. Like if you are a plumber, there's certain tools that you need to know. Right? There's certain things that, that you basic things in that field that you need to know. If you don't know 'em you gotta get to know 'em right.
Especially if you're brand new at this, you gotta get to know what those things are. Now I'm talking to people who might have a little bit of IT experience or something like that. For forensics, you probably have to know at least the basics in IT. Very, very important. So now let's get back into this.
Let's get back into finding out keywords here. So these are all key words right here. And now what you wanna do is take these. You got two things you can do from here. You could take this and copy and paste it into a blank text file. You can do that. Another thing you can do is put it into something called WordArt.
What WordArt does is it makes a visual representation of what you found. So let me just show you what I'm talking about. That's wordart.com, and it's just a tool to kind of help you to visualize what's going on. So here's WordArt right here. You can create your own.
And it comes up with this site here and what you'll do is you'll input the words. You'll copy them and then import them in. So let me just show you what I'm talking about. So I'm gonna go back here and I'm gonna copy, and you wanna do this on two or three different jobs. I'm gonna copy this and we're gonna import what we just copied into WordArt.
We're gonna import it now. They take it right here. So I just copied it. Boom. I put it in here and I'm gonna import these words, and now what it did is parsed out every word that's in the text that I just downloaded. So what I do, let me backtrack a little bit. So what I'm doing is I'm going through two or three of these different websites, two or three of these different jobs, and I'm gonna copy and paste those into one file,
one Word document. Then I'm gonna take those and I'll put 'em into WordArt. And then we're gonna get a visualization of what this looks like to see what areas are the most important that we need to focus on. Tools. Look at this. So for forensics, we can see that tools is mentioned a whole bunch of times out of this.
Now this is kind of a light list. Like it's only mentioned twice, but you wanna get like four or five different ones and dump 'em in there, but you kind of see the idea of what is happening here. And then the tool that's mentioned the most is EnCase. Now, EnCase is a forensics tool that's very expensive.
You might be able to get a free version of it, trial version, to mess around with it. But this is not cheap, this is one of the most expensive tools out there for forensics. So EnCase, I'm very familiar with, I'm familiar with that. It's used quite a bit in the government too.
What they'll do is if somebody's done a crime on a computer, I could tell you some crazy stuff for forensics that's happened, it's pretty dark. I mean, if you have a forensics guy in there, then whatever the hell's on my computer is pretty, it's pretty bad. Right? It's not something I could talk about without getting flagged by every, you can kind of come up with an idea of what it is, it's murder and it's, it's like stuff like that, right.
Or worse, think of something worse than that. So, anyway, so that's what's on people's computers. It's just bad, man. Anyway, so EnCase, what it'll do, one of the things it does is it'll take a hard drive that somebody has tried to clean, that they try to delete stuff, and EnCase can see all the stuff they.
The stuff's still on the computer after you delete it, by the way. Even if you put it in the trash and then emptied the trash, it's still on the computer. And EnCase looks at the ones and zeros that were originally written on the disk, lifts those up, and then it can reconstruct those into files. Like if they had an image or a video or whatever, it can reconstruct those and give that to whoever's doing the investigation that they'll use for a court case or whatever.
FTK, I believe, does the same thing. It's like an open source version of EnCase, if I'm not mistaken. And then there's some other tools here, but yeah, this just gives you an idea of how you can pinpoint different keywords that are in any kind of genre and any kind of anything that you're trying to do.
So now that we know how to do keywords, the next thing we wanna do is put that in our resume. Now you don't wanna just put this in any resume. You wanna put it in an ATS-style resume. Let me show you what I mean by that. So I have an example of that in my book here. And I'm just gonna show you that real quick.
And if you want an example of this, there's a couple things you can do. You can go and Google how to find an ATS-style resume, those exact words. Or you can go to my site convocourses.com and look for a cyber security marketing course. And that has a free downloadable of what I'm about to show you.
And it has the actual format that you can download and use for your own resume. ATS-style resumes are so important because what the, and see I'm using WordArt here. I'm telling you how to do this. I'm walking you through it in this book. That's all the stuff that's gonna be in this book that's coming here real soon.
So I'm looking for the actual resumes. It's I got a lot of stuff in here. It's breaking down everything, every aspect of what I'm telling you right now, but in greater detail I'm I skipped over a whole bunch of stuff that you should, that you should know. . So I'm trying to find my ATS style resume in here.
Man, where is it? Okay. ATS. It should be here. Okay. ATS style, resume all the sections. I'll give you an example of what that looks like. And then we go to there, here, here it is right here. All right. So here is example of a ATS style. Is this it? No, that's not it. Sorry about that. Yeah, this is it. This is it.
See how simple this is. This is an ATS style resume. It's very, very simple. It's it's not got a lot of stuff in it, so it'll have the person's name. It doesn't have any kind that's and fancy. It's nothing fancy going on with this. Now you can make a fancy ATS style resume, you know, and I'm, I'm not wasting my time with that for this.
I'm just telling you exactly how to do this. So you'll start off with a breakdown of what's going on, a person, and then you'll put your contact information and you'll put a breakdown of who you are. Another thing that I do in the summary, by the way, is I'll put, hey, I wanna work remotely, 'cause that's an opportunity for you to say that. Another thing you can do is say, hey, I have a security clearance.
Like you wanna put the security clearance right up top, if you can. So you can put that in the summary. So you right here, you just put summary, this is ATS style resume. This is it right here. You put the name, you put the contact information. You put a summary, you put education up top, you know, in this style right here.
See how this is. And the reason why the format of this matters is because when your resume is uploaded onto these sites, if you put it on Indeed, that's another thing you need to do. You need to put it on Indeed. You need to put it on Monster, Dice, LinkedIn. You need to put it on as many sites.
If you don't have a job, your job should be to put this on as many resume sites as possible. That's what you should be doing. Okay. Another thing I show you how to do is how to protect yourself, because one thing that's happening right now, lately, is these freaking scammers are scamming people to get their social security number so they can do identity theft and all that kind of stuff.
So I've never fallen prey to that because the way that I do my resume, I don't put my real name. This is crazy. I don't see anybody doing what I'm saying. I do not put my real name on the sites. I don't do that until I'm talking to a screener, like maybe the second interview.
Then they know my real name. They do not know my real name till I'm on the second interview a lot of times. Right? 'Cause I'm screening them as they're screening me. Like I'm screening the organization. I do not put my real phone number. I might even put a different email address, like a fake throwaway email.
Like you can even do that. But I put a different name, an alias. I put an alias, something similar to my name, but it's not my actual name. I do not put my real phone number. I'll use a Google Voice. I tell you how to do all of this in this book. All right. All this is coming soon as I finish this. I've gotta do the first draft of this book.
You can see all kind of misspellings and stuff in here. I'll write the book really fast and then I'll go through it and then edit and stuff like that. So I just wanted to tell you guys, like, I just wanna inform you, this is how I do it. And it's been working for me. I've not been without a job. I mean, we've, you know, we've had several different collapses in the economy where we have recessions.
We've had like, that stuff does not affect me and I'm not trying. I mean, it affects me in like, okay, if I'm going to Walmart and the prices are higher or the gas is hot, jacked up or something. Yeah. That, that affects me obviously. But I'm talking about with a job. I'm good. Like I'm always employed. And the reason why is because I'm in cyber security, I'm one of the I'm in one of the fastest growing industries in the world.
And not only that, I stay ahead of the game by marketing myself. So people are constantly contacting me about jobs, and I'm not telling you this to toot my own horn. I'm telling you, you can do this too. You can do all the stuff I'm doing, too. Everything I just told you is what I do. Everything I just told you is what I do.
And that's how I'm able to stay ahead of the game. I put, I, I have a dope resume with all the keywords for the industry I'm searching for. It's all over my it's all over my resume. It's in the, it's in the it's in the, the summary it's in the, it's in the, the actions that I've done for an organization and my work experience.
It's in my skills. It's all throughout my resume. And then I put that out there. And here's another thing. If you are in IT, if you are on a help desk, if you are laying cable for people, if you are in the hospital, if you are wherever you happen to be, if you've touched a computer before, okay, you have to put all the security stuff that you've done for that industry, you have to put all the stuff you've done, cuz that's really important.
A lot of times what people will do, whether what they won't do is they won't put the cybersecurity actions that they have taken and, and that's a, that's really bad. So that's another huge thing that you have to do. Okay. So let me keep going here. I'm gonna answer a few questions. I'm not gonna stay on here too long, but if you have any questions, feel free.
If you happen to be watching me, feel free to ask me any questions that you have about getting in this industry, about cybersecurity, about risk management framework, about security compliance, anything at all. I've been in this career field for a long time. I'm gonna tell you from the perspective of somebody who's been doing this for some time: real world examples, real world practical things that you can use to upgrade yourself.
All right. I'm answering some questions on YouTube as I do once a week. And if you didn't know, I'm all on TikTok, I'm, I'm answering questions there. Very one-on-one type questions. I'm answering questions on my email. I'm doing work for people like helping people with their resumes. I do all that kind of stuff.
If you're interested in that kind of thing, where I'm going way deeper and doing like a one on one, like just me and you corresponding, not like this kind of stuff you can text me at, you can email me at combo courses@contactcombocourses.com. Or you can go to convocourses.com and find my contact information there.
I'm out there. Let me answer a couple of these questions. Somebody said, watch one of my videos and said, this is a gold mine. Wow. I appreciate that. Great compliment. This is when I was doing a video about help desk to cyber security and trying to helping people, helping people with that. Somebody said, how can I purchase this book?
Some old book that I wrote? If you didn't know, I've got some books out there on audio, on audible. So if you're interested in getting into, if you like, like listening to books, I listen to books quite a bit. And I just wanna tell you guys, I have a book out there. If you go to audible.com, if you happen to have it, if you don't have audible, actually you're in luck because they'll give you this.
They'll give you like a free trial. But you can go just type in RMF ISSO. And these are two of the books that I have right now, over four hours worth of content to listen to, if you're interested in this. This will also help you with CAP a little. If you happen to be doing a certification in CAP, it'll help you a little bit in Security+, but it's like a small portion of Security+.
So it's not gonna help you that much, but CAP, this helps you probably, this is 60% or more of the stuff that's on the test. It's not catered to you taking the test, but it will help you to understand like the practical implementation of risk management framework. So there's that if you're interested in listening to this, it's on Audible. I'm also on Amazon, you can just type in Bruce Brown or you can type in NIST 800 control family.
My book is out there as well. And then you can also order it directly from me on convocourses.com. This is the site right here, tons of free stuff here, by the way. People are really upset about selling products and things, but a lot of the stuff that I have on here is actually free. And if you go to YouTube, if you follow me on YouTube, it's just so much free stuff on there.
Like a lot of the stuff I say on here, or that's on my website or that's in my books, it's there. You just gotta dig for it. You know, if you want a little bit deeper dive, then that's when you going to get the book or get the course itself. That's, you know, when you're serious about this, that's when you wanna start getting the book and, and getting in deeper in this and asking direct questions.
Okay. Somebody asked me, if you want to be an ISSO, what certification do you need? That is a great question. Let me break this down to you. So ISSO work is normally for the federal government, and let me just put you on some game right here. So ISSO work: the federal government goes by something called 8140.
So 8140, DoD 8140, is a breakdown of what every contractor and government employee should have as far as certifications in order to get in this field faster. So what I'm doing right now is I'm actually showing you what 8140 looks like, see this. And for those of you who are listening to me, I'll explain what you're seeing, what we're seeing.
So this is 8140 and essentially it's an approved baseline of certifications. It changes from time to time. Lately, about every six months they've been updating this. So there's a couple things here that I'm not seeing. That's been either removed or added. In fact, let me see if I can go to the newer version of this.
If you go to, oh, what is it? disa.mil. Yeah. And you might see me. Okay, disa.mil. I think it is disa.mil, 8140. They have one of the most up to date versions of this thing. I'm trying to look for 80. They used to call it 8570, and it's all the approved certifications.
So if you go by this list right here that we're looking at, this is a list of approved baseline certifications. Let me explain what this what's going on with this thing. If you can see this, if you can, let me make it a little bit bigger here, but I'll also explain it. So they have, they have this broken up by technical and management architects, analysts, and auditors.
Okay. Those are the main categories. And let me just explain each one. So the IAT means information assurance technical. That's basic technical troubleshooting. It might be designing or configuring systems. These certifications are needed if you're a level one. A level one is basically like a help desk person.
This is a person who has a, basically a one on one relationship to one customer at a time. They, somebody calls in and says, Hey, I have a trouble ticket. That means like something broken and they're, they're not connected to the internet. And they happen to be on the fourth floor. And then you, or you call 'em on online.
Maybe they're, you know, you're a remote worker or whatever, but this is a first line of defense for people fixing computers, help desk, customer service, field technician one, that kind of thing. They're expecting you to have an A+ certification as listed here, a CCNA Security, which is, that's a very hard security.
That's a very hard certification. I don't know why they put this here. I didn't make this. So keep that in mind. Network+, CND, which I don't even know what that is, SSCP, one of those things. That's IAT level one. And remember, IAT level one is a help desk person. Now, if you happen to be upper level, like let's say, not only do you do help desk stuff, but you also do some networking stuff, like you might be responsible for fixing the network on a whole floor.
This is like network engineers. This is like people fixing a whole LAN, a local area network, people who are responsible for a local area, a virtual local area network. So they're kind of having to look at server issues as well as switching and networking problems locally, as well as like one on one customer support.
So what certifications does an IAT level two, an information assurance technical level two, need? So that's a CCNA security plus CSA plus a CI. So all of these things, Security+ is a big one. These are the ones that they're looking for. Okay. We're gonna get to the information system security officer in a second here, I'm just building up here so you can kind of understand what's going on now.
IAT level three. So this is an enclave. Normally these guys are kind of beyond the one on one type of thing. Cuz their skill sets are so versatile that they're needed to do bigger things, they're needed to do more like working with the architecture team, working directly with servers, they're handling stuff.
That's like local area network to local area network. So these guys have professional level certs. They're very, very in the weeds, but also high enough level to where they have to see the bigger picture of what's going on with the network. They're doing enclave to enclave. That's like one local area network to another local area network and possibly WANs, which is a wide area network.
And that's way more complex. So this is CCNP Security. That's a very difficult certification, a professional level Cisco certification, a CASP, which is also a professional level cert that's no joke, a CISSP, high level cyber security certification. And then some others, GCIH, which is incident handling.
And they just added this one, CCSP, which is, I think, a cloud certification from (ISC)². I believe that's what it is. Okay. Now let's get into ISSO, and the ISSO, if you didn't know, is an information system security. So that is kind of what I do. And I can kind of give you, in a nutshell, what an ISSO, an information security person, does.
So this job is typically your day looks like this. You're doing a lot of meetings. That's what your day looks like. It's a lot of meetings because you're, you're talking to other people within your organization, stakeholders, you're, you don't have to be a, a subject matter expert in say, firewalls, you don't have to be a subject matter expert in say networking or routers and stuff, but you do have to know enough to be dangerous.
Like you do have to know enough to communicate what is happening with the organization. Your responsibility, as an information system, security officer is to manage the risk is to help the organization to manage the risks of the organization so they can maintain their security posture. Now you might be like, Bruce, what the hell are you?
Are you talking about what are you? Let me spit it in layman's terms. That means. The, the organization has a certain level of security and they need to maintain that. And what does that mean? Like, think about it. Windows is constantly changing. It's constantly having upgrade to patches. There's constantly vulnerabilities coming out.
There's constantly new education that needs to happen with the users. There's all these new threats that are happening from day to day. Everything's constantly changing in it. Well, that's where an information system security officer comes in because our job is to make sure that no matter what changes happen, the organization stays compliant and stays secure at a certain level.
It's very challenging, especially if the organization has a lot of different technologies or is also a very large organization with lots of stuff going on. So let's get back into what actual certifications this information system security officer needs. And I'm gonna show you here right now. So let's go back to the 8140.
So 8140 up here, an ISSO is considered a manager type role. Okay. It's a manager type role because you're not just doing in the weeds stuff, fixing computers. You're not just working with firewalls. They might have you do some stuff like that. But your time is mostly spent coordinating with the organization to make sure that the organization is doing what they're supposed to do.
I said organization. So you're, you're talking to C level execs. You're talking to upper level managers. You're talking to the, to the system, administrators, you're talking to users, you're talking to user reps. You might even be talking to the customer. So it's a lot of meeting. So if it's a manager type role, you gotta be able to communicate effectively.
So a CAP, a CAP is a Certified Authorization Professional. So what they do is exactly what I'm talking about. They make sure that the organization can maintain a certain level of authorization so that all of their documentation is good, so that all the security compliance, security controls on their system are good.
And let me break this down to you. So CAP is a good one. Another one is CI... while I'm typing here. Another one is a CISSP. CISSP is a good one. Security+ is also a good one. Those three, I say, are the top certifications that an ISSO typically has. Now this might evolve.
CAP, I notice, comes up a lot. CSA comes up from time to time. But look at these. What I just did was I logged into isc2.org, and I'm showing you the different certifications. Now CAP, this is the certified authorization certification. So security assessment and authorization certification.
So that's what it is. Certified Authorization Professional. That's what it's called. So this is one of the top. This specifically focuses on NIST 800. So NIST 800 is what the federal government and states and some other contracting organizations will use to ensure that you know what you're doing when you're talking about security.
For an organization. So let me just read a couple more here, a couple other ones that are considered good for an ISSO. Let me just name a few that I've seen in the industry: a CAP, a CISM, a CISSP, a GSLC. And a recent add-on, these two right here, is CCISO and an HCISPP, which is normally for hospitals.
This is like HIPAA compliance and stuff. That one's gaining ground right there. And this is listed on the DISA site. So that's a .mil site. So that's a big deal right there. So those are the main ones. I hope that answers your question. Let me keep going down questions. If you guys have any questions whatsoever, feel free to ask me, like, I've been doing this so long.
Just off the top of my head. I, I know this stuff. I've just been doing it so long. You know, I don't know if that's necessarily a good thing, cuz it's pretty much. All I know , you know what I mean? So let me see let me answer a couple questions here. Somebody said how do you get, how do you get this?
I'm looking for? Okay. What, what are you talking about here? A hundred. Oh, okay. I posted a job a job, a remote job where you're making a hundred K. And somebody says, how do you get this? I'm looking for this right now. I took a cyber security course, and now I'm studying for the interview questions.
I would like to know how you do this boss. Okay. So I do this, like in the beginning of this, of this session, I, I talked about it and I can just give you a brief rundown. The first thing I do is I make sure all the keywords are on my resume. So every, every category of cyber security. Has a different set of keywords.
For example, at one time I was proficient at like two or three different parts of cyber security. I was proficient. I'd done it before, I'd had certifications, everything. Right. And those two were, one, I was a SIEM engineer. That's a security information event manager engineer. I could build them from scratch, set 'em up, create content for it.
And it could monitor all your logs. You know, I did that for like three years straight, so I just, I just knew it. And then another thing was, I was an information. I still am information system security officer. I know that means I like, I know how to allow an organization to be compliant with certain security standards.
And then another thing I was good at was cyber security analyst work. So those three things, those are three separate resumes. Okay. They have three separate sets of keywords. So what I did was I made a resume for each one of those. Each one has different certifications that are more relevant. I'd put those on top.
Each one has different. Some of 'em really require a security clearance. Like ISSO and a cyber security analyst usually requires a security clearance, cuz you're working in like a SOC, a security operation center, which has classified information and blah, blah, blah. But the SIEM really didn't need a security clearance.
So I could even leave that off. And that was still good. My point is every single time you, whatever career path you're going in, it has this different set of, of keywords. And so what I do to make myself more marketable for this is I get keywords for each one of those work roles. Whatever it is. And to do that, you can, you can actually research it and figure it out.
Right? And I'm not telling you to lie on your resume. I don't recommend that a lot of people like lie on your resume. Why aren't you, why aren't you lying on your resume? Me personally, I say don't no, do not lie on your resume. Do not put your picture on your resume. Like put your picture on your, not resume, but, but unless you're on in, I guess EU does that, but put your picture on your profile.
Some people are like, nah, because I'm black. I don't want people to see that I can't get jobs. Nah. Why would you wanna work at an organization who doesn't want you? You need to put your picture there and if they don't wanna work with you, you shouldn't wanna work with them. That's how I feel about it. I don't wanna work somewhere.
They don't want me. So I put my black face on my profile. Go look at it. It's up there right now. So that's number one, like put your don't lie on your resume. The reason why I don't lie on my resume is because I don't want to get in there. And then they, I, they think I'm some, I'm freaking gonna walk on water and I don't not for that particular technology.
Not only that, but in the actual interview, they will ask you these questions and then they will verify what you sold them. They will call your employer and ask, Hey, did Bruce do this X, Y, and Z. They'll do that. Especially as you go higher up in the echelons right now, if you wanna fudge some numbers of how long you work the place, and you know that it's not that big of a deal, but do not put certifications you don't have.
Do not. Don't lie about your degree. They're gonna check that stuff, right? Don't, like, these are some obvious things you shouldn't lie about on your resume, cuz they will ask you. I'm going through an interview process right now. You better believe they're investigating me.
They're looking at it. Every part of my life I'm having to put in there. Right? Because you can't just lie on your resume. So I don't recommend lying on your resume, put the real deal on your resume. But not only that, put the keywords for what you're doing on your resume. So that way, when you upload this into LinkedIn, into Dice, into Monster, and you need to put it on like 20 or 30 different job aggregators, okay.
You need to put on 20 or 30 different ones. And that's why I say you shouldn't use your real phone number or your real, you should use an alias because you're gonna get so many calls from all kinds of people and you don't wanna get scammed anyway. So that's what you do. That's what I do. And that's how I've been able to get all these offers for remote 100 K type jobs or more.
And, and that's how you do it. And I'm writing a book right now. If you're interested in this, if you're super deep into this, if you're very serious about this, I'm writing a book right now, it's gonna be out soon. And if you, if you, if you're interested in this, the very beginning of this podcast, I broke down exactly how, what I'm telling you.
I broke down. I showed you my like, how, how I picked these key out, how I find them. All that kind of stuff. If you're interested in this, a book is coming, that's gonna break all this down in great detail about how to get into cybersecurity in particular, but you can use these techniques for basically any, any job where you have to apply for a resume.
Any job you need a resume, you could use it for that. So let me see, I got a couple other questions. On TikTok it says: I just got a free (ISC)² course. And let me see. Cert is free when I'm done. Have you heard of this course? Yes, this is great. Like thank you so much for asking that question.
So I've been, I've been telling everybody about this new certification that's coming out, like what's happening right now. If you guys didn't know, is that the government's hurting for cyber security positions, there's something. 700,000 careers that are empty slots. Like we in desperate need of, of people to get in here.
So what's happened is there's been this huge push from nonprofit organizations, corporations, and government entities to actually get people into this field as entry level. And so (ISC)² has this new certification. That's an entry level cybersecurity certification. And right now it's free. It will not be free forever because (ISC)²,
I don't know if you knew this, but they don't mess around. They do not. These guys have the top cyber security certification in the world, arguably in the world. It's called CISSP. I have this certification. This certification changed my life. It's a high level cyber security certification that talks about nothing and everything.
But it is so good at marketing me. Like, all I gotta do is put that on my resume. I could probably just have a blank page with just CISSP on there, and I'd probably get hired. That's how powerful this resume. And the reason why this certification's so powerful is because they've done a great job of marketing it.
That being said, I'm saying this to tell you that they're now giving this damn thing, this right here, for free. This is an entry level for you to get into cyber security. This right here, I'm showing you, it's called Certified in Cybersecurity, CC. Now, from here, you can build into other, this is an entry level, but you can take this and build up to a higher level certification.
That's why this is so powerful. And these guys, this is not some fly-by-night organization. This is one of the top, if not the top and best cyber security certification organizations in the world, on planet earth, currently, right now. So this is a great path. If you are actually looking into this, this is a great path for you to do. Do this, doing it for free.
They're giving it away for free. This will not be free for long, I guarantee you, because they're trying to compete directly with CompTIA Security+. That's what they're trying to do. And eventually this right here, this certification, mark my words. This certification right here, this Certified in Cybersecurity, will be on this sheet right here.
This is 8140. This is 8140, also known as 8570, approved baseline for certifications. They will have CC on this. I bet you it'll be like right here. They'll put it right here alongside A+ certification, alongside CND and all these other ones. And once this goes on here, it'll be way more marketable than it is right now.
Right now it's a free certification, it's brand new, people don't really know about it. People are kind of figuring it out. Like they're kind of trying to compete with this and the Google support it and the Security+, and those kind of certifications that are entry level, because the government is making this huge push to get more and more people in this field.
This is a really, really exciting time to get into cyber security. This is, this is a rare opportunity where they're trying to open the doors, but you, this is not a field where you can just come in off the street and know nothing. You have to do some work. Like even if you come in and know nothing, you have to do work to understand the basics of information technology.
Right. That's all. I'm, that's what I'm saying. So this is a great opportunity. Let me see, I got a couple other questions that says, how does a civilian get a security clearance? Okay. So there's a couple ways. Just, just so you know, I've been doing this for some time and I've had security, all kinds of security clearances from public trust, all the way up to top secret type certification security clearances.
Another misconception that I wanna dispel is that you don't need a security clearance to get into cyber security. They're two separate things. Okay. A security clearance is just verifying that you are who you say you are. They're doing anywhere from a basic security background check to make sure that you are trustworthy to work in their organization with secret information.
They're making sure you're not linked to any kind of terrorist organization or insurgents or militia organizations. You'd be surprised. You'd be surprised how many people are associated with it, because every time they ask me, I'm like, ha ha. That's ridiculous. I'm not, but no, there's really a lot of people who are associated with these organizations that wanna take down the government, that feel like they have some kind of issues with the United States government, or they're tied to another government.
They actually happen to be working for another government. And they're trying to get in and infiltrate. You'd be surprised how many people this, this applies to anyway. So background check is just trying to see if you are who you say you are. If you don't have, make sure you don't have any crazy credit issues, that's gonna affect you to work on their job, making sure you're not like a, your a super predators killing people or something like that.
Yeah, they're trying to just do that. That's separate from cyber security. Okay. Cyber, a lot of cyber security jobs need a security background check. Because the nature of the information that you're gonna be having access to, and they wanna make sure that they can trust you to protect their systems, but they not, every, not every job requires a security background check.
Okay. Cyber security is their separate things. You can be a janitor and need a security clearance. Okay. So the question was, how does a civilian get a security clearance? There's a couple ways. Number one, work for an organization who will get you a security clearance. If you happen to work in the DMV area that's DC, Virginia, Maryland area.
There's so many jobs, not just cyber security. You might be a groundskeeper and mowing grass and have to have a clearance, I'm dead serious. You might be painting the inside walls of a SCIF, and you need a clearance. There's all kind of clerical jobs, secretarial jobs, name something, janitors, anything like that can get you.
So you would, one way that you could get in is if you had a job, if you got a job at a place that required a clearance, a lot of times they will pay for you to get a clearance. They will pay for you to get the clearance because it costs money to get a clearance. Another thing is you can there's sites.
Somebody contacted me the other day. They were trying to get me a clearance. Like they didn't, they didn't know. I guess they would contact me and saying, Hey, we can get you a clearance and stuff. So there's, there's private organizations that can get you a clearance, but you're gonna have to pay for it.
It's not cheap. Just to give you an example, from what I heard, a secret background check is like $5,000. And then a TS is like $10,000. That's what an organization has to pay to get you a clearance. And then a public trust, I don't know. Public trust is like here. Secret clearance is here, and then above that is top secret and all other White House, all this other stuff.
So, yeah, so you can, you can get into a position, a job that requires it and then they'll let the organization pay for it. That's probably the best way. The other way is to get it privately and pay for it yourself. That's another way. But then it has to remain active. I don't know how all that stuff works, but so those are the two ways that I personally know about how to do it.
So, and I could be wrong. Anybody else, if you guys know of another way to do it, please chime in and inform me what's going on. Let me see here. Hope that answers your question, by the way. Somebody asked: so I just signed up and I have to take an exam? Yes. So I believe that (ISC)², they have a course.
All right. And I believe the course is free. If it's still free, they have a course that you can take that breaks down what's gonna be on the test. And then you go to that course, you study for it. If it's still free, hopefully still free. They were saying it was a value of one ninety-nine, a hundred ninety-nine dollars.
But even if it costs $199, it's worth you investing in yourself. It's worth the risk. It's worth the risk. Anyway, if it's still free, cuz just last week it was free, you go through the course that I believe is on Coursera. It's either on Coursera or it's on their website.
Okay. Sign up for their website. They'll give you a breakdown of everything you need to do. And then from there you will take the test. Like once you study for it, you take the test. Somebody. no they're paying for it once you finish the course. There you go. Okay. Thank you for that. ODI says no, they're gonna pay for it once you take the course and there's only 1 million openings.
Okay. There you go. Okay. I stand corrected. So let me correct myself. So what he's saying is, it was free for a while. It was actually free like a week ago or something, I'm telling you. So now you're gonna have to take the course, and then once you take the course, I think it was 199, then you'll take the test, pass it, get your certification.
So let me see. You have to take a test. Yes. It's this is, yeah. There's there's hurdles. You have to take the test to get the certification, but it's worth your inve. If you are serious about this, it's worth your time. Okay. Let me see. I got a couple other questions. Somebody said I barely see a hundred percent remote opportunities.
Most people keep wanting people to be on site. That's true. And bro, Brandon, I, I would add to that and say a lot of the security clearance, a lot of the cyber security jobs that require security clearances do require you to be on site, at least like a hybrid on site. But I would say that there's a lot more remote job opportunities than there were before
COVID, cuz it was, it used to be really hard to find them. Now they're everywhere and I could show you how to find them real quick. I'll show you. Let's see if I could show you on LinkedIn. If you guys didn't know, I have a LinkedIn page; you can search me out on Bruce Brown for the win. Let me show you on.
If you guys happen to be on LinkedIn, here, here I am right here. If you type in Bruce, go to LinkedIn and type in Bruce CISSP RMF or something like that, you'll find me there. It is right there. There I am right there. And so join me. I'll definitely add you. I've got a, a lot of people wanting to add and I'm, I'm always open to, to add people or you can talk to me online, all that kind of stuff, but okay.
Let me show you how to find remote jobs. Okay. Let me see. Let's, let's say you were looking for a cyber security analyst job, right? Cyber, I'm just, just randomly pick one out the air. So now check this out. First, you'll go to jobs. And the reason why you wanna pick jobs is because there it's gonna show you everything.
It's gonna show you companies, posts, schools, groups, people, all that. You want jobs. Okay. So search jobs, then post a date. You don't want any time, cuz this goes back like a year or something. You want something within the, at least the last month. All right, so let's look for last month and then this one's up to you, they got internships, entry level, associate, senior manager, whatever.
Right? You choose that. But if you don't really care, leave that blank and then remote, let's go to remote job. So here it is right here. You're gonna onsite versus remote. So you've got hybrid, you got remote and you got onsite. You just click on site. Now you notice it went from 17 K jobs down to three K jobs.
I'm on LinkedIn, by the way. So I just went to jobs, stuff in the past month. And then I went to remote on site. This is a new feature, by the way, they didn't have, it needs to have all of this stuff. And now they have it on Dice. They have it on Monster. They have it on almost every site because remote jobs are so prevalent now after COVID.
So here you go. Here are some remote jobs for cyber security analysts, which I just typed in. And that's how you find remote jobs right there in five minutes. I just showed you how to do it. And you can do this with every site, with Monster, with LinkedIn, with, with Dice, all of these show you how to do remote jobs.
And if you go to dice, let me see if this one's ready. So here's, here's my profile on dice.com. I'm about to turn this thing off, man. I'm getting so many contacts with these guys, so there's a way to search for remote jobs. Let me just show you here. Let me I'll do the same thing. Cyber security. I'll just type in cyber security.
I didn't put a location in. I'll hit search and check this out. It comes out with this page right here, taking a little bit of time, and then look right at the top: remote only. If I hit remote only, you notice it went down from 4,800 jobs to 600 jobs. So, yeah, there are less, Brandon, to, I, I could piggyback on what you're saying.
There are quite a bit less, but there are jobs there. I mean, look at this there's 600 jobs here. I mean, granted, I didn't search for, I said any dates, so that's, that's probably, what's adding to that. Let's do the last seven days. It's gonna be quite a few less. Oh, still 126 jobs. Look at that. These are all remote jobs.
And all I did was type in cybersecurity, look, 100% remote cyber security analyst, all of these are a hundred percent remote. Now you gotta double check. Cuz one of the things I noticed about these jobs is sometimes they'll say they're a hundred percent remote, but then when you do a, an interview with 'em, they're like, well, well it's a hundred percent, but we want you to come into the, I was like, Is this a hundred percent or not?
Yeah. You gotta do an interview with 'em to make sure and ask them, is this a hundred percent remote? You know what I mean? Like you usually straighten that out with the, with the actual screener, once you, once you talk to them, ask them, and then sometimes it's, it is remote, but it's like 50% travel or something.
Like there's always some kind of catch sometimes with the job. You just gotta make sure you, you weed out those gotchas with the remote jobs. I just went through this. That's why I know a lot about it. You know, I've been working remotely for the past seven years now. Like I've been working remotely for a long time.
Crazy. It's crazy to me. Like I've been working. Yes. That's been seven years. I started in 2014 working remotely and I've been working remotely ever since. And I will never go back. I will never go back. All right. And that being said, if you guys are interested, I have a course on how to work remotely.
It's on convo courses. Go check it out on convocourses.com, just find the remote jobs course. And then I have it out there and I, I'm, I might even write a book about that one and break it down. So it's like a 20, $20 book or something like that. I might, I might do that cuz I, I've gotten pretty good at getting remote jobs and winning those remote job positions.
Okay. Let me see. Link to the course? I'm assuming you're talking about the C, the CC. Let me see if you're interested in this. We were just talking about this, this course right here, which is an entry level (ISC)² course, which they're giving. I believe you have to pay for their training and I think it's 200 bucks for the training.
Now it was free like last week, unfortunately, no longer free. And then after that you take the, the test and I think they give you the test for free. If I'm not mistaken, correct me if I'm wrong, TikTok, somebody on TikTok, correct me on that one. I appreciate that. But yeah, here's the link right here. It's isc2.org/certifications/cc.
Or you can go to Google and just type in ISC2, ISC2 space CC, and you'll find it. Let me see if I can give you the link in the chat. I, I don't have access to the chat right now. Yeah, and it always walks me through all this other stuff I gotta do to get link access to that. All right, guys, that's it for this one.
Thank you for watching. I really appreciate all the questions. Thanks a lot for, for all your kind words and stuff and all the donations. Appreciate that. Thank you so much. I've got a couple other questions on, on TikTok. Let me see if I can answer those real quick. Yes, it's still a self-paced exam.
Okay. We're still talking about the (ISC)² CC. So I can get an entry level job with a CISSP certification? Can you get a, okay. So with the CISSP it requires like five years of experience. So somebody's either gotta vouch for you having five years of experience, or, so you're typically, if you have a CISSP you don't have, you're not an entry level person.
Now, if you happen to get, I think you can sit for the test, but you, they won't give you the cert until you hit all of these different requirements, but by the time you hit those requirements, you're no longer entry level, if that makes any sense. So I don't know if I answered your question. Let me see. You said so I can get an entry level job with a CISSP cert.
You, once you have a CISSP you don't have to get an entry level. You're not an, you're not an entry level person if you have a CISSP. So, so the, the certification we were talking about is called a, an (ISC)². Let me just show you what we were talking about. We're not talking about CISSP, we're talking about a Certified in Cybersecurity certification.
That's from (ISC)². It's this one right here. If this is an entry level certification, you don't need any requirements before you go into this. If you're talking about something like a CISSP, there's actual requirements before you can even take the test, before you even take the test. And even if they allow you to sit for the test, you have, somebody has to vouch for you that you have a certain level of experience before they'll give you the certification, something to that effect.
Okay. Let me see. Hey, Bruce, where would you start if you had to start all over again, without any knowledge of cyber? I would start with cloud, or, right now cloud's super hot, man. So I would, what I would do right now, if I was starting from scratch. That's a great question. I would, number one, I'd go to eight.
I'd go to, okay. There's a couple certs I would get with no experience, know nothing, starting from scratch. Knowing what I know now I would start with the AWS cloud certification, that one. And then there's another one from Google called Google, Google IT, let me see if I can, let me just show you. I don't, I don't wanna be a liar here.
One, the one is called and let me, I'll explain to you why I would get these and you it'll blow your mind and you'll you'll follow exactly what I'm saying. It will blow your mind. So there's one called AWS certifications. If you wanna follow along with me, let me just show you what I'm saying. What I'm seeing right here.
Oh, wait we go back. Okay. There we go. Okay. So AWS certifications. I just typed it in. And skip all the ads, skip all the ads. We wanna go directly to amazon.com site. Okay. So I would take this right here. See this AWS certification so you can train on their site. I believe their training is free and he, they even have a whole path for you.
This one right here, this cloud practitioner is the one I would take. And the reason why I would take, look at this, it's 90 minutes long, it only costs a hundred dollars. I could take this right now. I could, I could literally, I'm thinking about it. Actually, I'm gonna take this test. The reason why I would take this one, one of the first ones I would take, is because in the last, I just had five different interviews.
All right. I'm not even counting the, the screening interviews I had. I had like probably 20 screening interviews or more, but I had about five interviews, and in four out of the five interviews, they all asked me about cloud. Now I'm an old head; cloud is actually new for me. I have not dove into it.
I have a little bit of exposure to it, but not a lot. Right. I don't, I know some of the difference between a PaaS versus a SaaS versus an IaaS, like, if you know what I'm talking about here, like different platforms of cloud, like platform, cloud as a service versus software as a service versus whatever as a service, like everything as a service, planet earth as a service, whatever the hell. The terminologies, I'm an old head.
Like I, this is new to, this crap is new to me right now. Virtualization's not new to me. That's been around, but cloud this and cloud that, like everything's going to cloud. And the biggest cloud service right now is AWS. They always ask me about that. And I had to be like, mm, I, that's not my, you know, but I can tell you this.
Here's what I know. You know, they all ask me about it. So if I was starting from scratch, if I really didn't know anything, nothing at all, and I was like a, like, starting from absolute scratch, I'll probably take the same one I did when I first started, which was A+ certification. Like if you know absolutely nothing about it, then probably the best thing to take would be an A+ certification, cuz that will get you
at least knowledgeable on, on how computers work, cuz you really need to know, you need to know like the difference between RAM, storage and, and the CPU. You need to know, kind of have an idea of how CPUs work. You don't have to know like how the addresses are mathematically algorithm, the mathematical algorithm of how the CPU, you know, moves pixels from this side of the screen to another.
Like it's not even that deep, like it's just telling you, this is how the RAM works, physical memory. Here's how it works with the storage versus the CPU. Here's how they all work to make a computer. You need to know what a computer is, how they work, how to troubleshoot 'em. So A+, CompTIA A+ certification.
One of the first ones I would take if I knew absolutely nothing, cuz that will give you, after you take that certification, there's two different ones that you have to take in order to get the A+, once you know that you'd be able to troubleshoot computer, any computer, like you'd be able to troubleshoot
a laptop, a server, your phone, they're all computers. They all use the same components essentially and different configurations. And then you'll have a solid understanding of how cloud works because it's also a computer. It's also a, it's a bunch of computers that are somewhere else over the internet.
That's, that's pretty much it. And then I would take that one and then another one that's pretty hot is Google IT Support. I would take that one. I would take a CompTIA A+. I'd learn everything I need to know about that one, take the test, pass it. I would learn, I would do Google IT Support. The basic one that they have out there, they got like two, I'd do the basic one.
And then I would do cloud, AWS cloud practitioner. That's what I would do. And then after that, I, I put my resume out there and then I, I try to get some, I would do either internship or I'd do an entry level. I do entry level making 15 bucks an hour to get my foot in the door, and then I'd work there for like six months.
And then I would transition to another organization. That's what I would do. And then I would, I would take my, my experience from that place. I worked six months and then I would go work at another place and then ask for more money. That's what I would, that's what I would do. Another thing. This one dude on TikTok blew my mind.
So this dude had a brilliant strategy. And if you have the money to do this, this is the most brilliant strategy you could do. If you have the resources to do it. Now, this guy did, but he, he went to this college called, oh, GWS governors, Western Governors University or something. So legitimate college, like the government, when I was in the military, they were promoting it a lot.
GWS college, college. Let me, Western governors. G W G U. That's what it's called. So this, this, this dude, his name is Chris. He's one of the top cyber security guys out there. He went here to this college right here. He took a course in cyber security. I guess they have one here. He did it in six months.
It's not gonna be cheap. He did an undergraduate in, I think, six months. Then what he did, WGU, that's right. Then what he did, this is brilliant. So if you have the money to do this, this is, this will get you six figures super fast. He took this, right. It took six months. It's not cheap. Yeah. I mean, you know, relatively speaking, it's not cheap.
This is, this is not bad for a college, to be honest with you. So he got an undergraduate in six months, accelerated course in IT. Well, he did one of these and then I believe he took the IT certification with it. One at, I, I believe he took one of these. If I'm not mistaken, he took one of these. See, this cloud one would be dope right here.
Look at all these certifications, you could take one of these certifications with it. That's what I would do. And then after, you'd come out with a bachelor's degree or even a master's degree with one of these cloud certifications, and then you can, you can possibly make six figures after that. That's in, that's within a year, within one year.
I think what he did was he did something called the OS, C, OSCP, which is a super hard certification. I think he did this one right here. I believe he did something like this. And then he was able to get a six figures within a year, which is very impressive. And then he also took, this dude, he's pretty impressive.
I mean, this, like, there's some people who are this hardcore and this talented to do this. I don't think this is for everybody, but he took this certification called OSCP penetration test. It's one of the, I heard it's a pretty hard test, but it's from Offensive Security and it's a practical test where you have to hack live for 24 hours or something.
And you got this certification. Look at this, look at this course, $1,400. So for all you guys complaining about my course being 200 damn dollars. Look, look at this, look at this. Feast your eyes on this. This is how much a course costs, baby. Don't complain about no $200 to me. This is how much they cost right here.
All right guys, I'm out.

Wednesday Sep 14, 2022

Tuesday Sep 13, 2022

Monday Sep 12, 2022

Sunday Sep 11, 2022

Friday Sep 09, 2022
Get the XLS spreadsheet here:
https://securitycompliance.thinkific.com/courses/cis-control-maps
Hey guys, this is Bruce and welcome to a convo course podcast. And today I want to talk about one thing in particular, and that is the CIS and how it maps to the ISO 27001. If you didn't know, both of these are security compliance frameworks that are used in the public sector and private sector, as well as international organizations.
So pretty much a little slice of everybody uses one or the two of these particular security frameworks. CIS is typically used for the private sector. That means like retail stores or banking or community centers or those kind of organizations that are privately owned organizations. And sometimes nonprofits.
I'll also say that in having worked in the public sector, from time to time we'll actually use CIS controls as well. It just depends on what kind of, what we're doing. Like we use the CIS benchmarks. I've seen those used within the government, within like Department of Defense, cuz it's just a great tool to use.
And if you're interested in finding this, just go to Google or Bing or Yahoo or your favorite search engine and just type in CIS controls. And right now you have a mapping from the CIS controls version 7.1 to ISO 27001. Now right now, CIS controls are on version eight. I'm not, I don't think that one's out yet, but right now we are focusing on
version 7.1, but we will revisit this once we get version eight. Okay. So that being said, ISO 27001 is an international standard for information security management. And they both do the same thing. It's for an organization to have a guidance on how to actually proceed as far as securing their entire network, not even just the software and hardware devices that are connected to the network, but also things like physical security, maintenance,
all aspects of protecting the actual security of the system. Whether it's outside of the system, whether who's touching the system, who has access to the system, all those things. Let's start from the top. So what we're gonna do is just focus on the main security controls, like CIS control one, that is inventory and control of hardware assets.
And you'll see that the ISO 27001 has something similar and it's called A.8.1.1. So inventory of assets, right? They kind of group 'em all together. They don't break 'em apart in individual things for ISO 27001. Whereas CIS controls, they break it up into different things. CIS control one is hardware.
Whereas CIS two is inventory of security controls, inventory of security, sorry, inventory and control of software assets. That is not broken apart by ISO 27001. They keep those together as A.8.1.1. Let's keep going here. We're gonna go to the next control, which is CIS control three, which is vulnerability management, continuous vulnerability management. Every single security compliance
framework does have some sort of vulnerability management, or continuous monitoring and vulnerability management, they're hand in hand. And this one is no different, so ISO 27001, let me see, let's see if they have it here. They have more of a risk rating response that's continuously done.
Management of technical vulnerabilities. Yeah. So they have A.12.6.1 that matches to CIS control three, 3.7, to be precise. Let's go on, keep moving here to CIS control four. And that covers controlled use of administrative privileges. And that's really important because you don't wanna give your admin accounts to everyone.
That's one. One of the things that some organizations do is they'll just give admin rights to everyone, anyone who needs it, they'll just put it on individual laptops and think it's okay. And it's really not okay. Because if you have an administrative privilege on that system, you can pretty much do what you want with that particular system.
And it might even allow you to escalate privileges on other systems. So you gotta be really careful with that. So that's why you have CIS control four, controlled use of admin privileges, and let's see what ISO 27001 has. So ISO 27001 does have this and they've broken it into parts and have it as password management systems as A.9.4.3.
They also have managed privileged access rights. There you go right there. So that matches directly to CIS four, controlled use of admin privileges. Let's keep it high. So far, I've gone through about, probably about 50 different controls. If you break it into the sub controls, it's probably 50 we just hit, but we'll just keep it high level and just focus on the main security controls.
Now let's move on to CIS five and this one deals with secure, secure configuration of hardware and software. This means like whenever you have a laptop, a workstation, a server, there's a hardening process. Meaning we're gonna take this system and we're gonna make sure it doesn't have default passwords.
Make sure it's locked down. The WiFi's not just open and attaching to anything. Maybe the WiFi is off. We have some sort of secure configuration that we put on all hardware and software for mobile devices, laptops, workstations and servers. This is a common, this is a best practice that's used in most security frameworks.
So the ISO 27001 does have this and they have it broken into two parts: acceptable use of an asset, where you would actually secure that system, and then also secure system engineering principles. Let's keep going to maintenance, monitoring, and analysis of audit logs. So the reason why audit logs in CIS control six is merged with maintenance is because audit logs are used not only for making sure that the incidents, if you find any incidents, you can find them through the audit logs, but also for maintenance, because every now and then a system goes down and you could put that in the log.
So it goes directly to a server. So you can, your maintenance people can go in and say, okay, let's look at the logs and see where this thing crashed. So CIS six actually covers this and it maps directly to two different security controls in ISO 27001, mainly event logging and clock synchronization. The reason why clock synchronization is important is because you need a timestamp for all logs, otherwise if you see that the system went.
You need to know what time it went down. So the actual clock synchronization is super important to event logs, and if the time is off, you don't know when an incident happened. You don't know when the system went down or whatever the log is telling you. All right. Let's keep going to CIS seven, which covers email and web browser
protections, and these, just so you know, these are not that much different from CIS controls eight. This is the same one that's, so far, these are all the same ones that are in CIS version eight. So anyway, let's keep going here. We wanna know if this maps to ISO 27001 and it does. So it goes into acceptable use of assets, just like we seen in the previous section.
And then also it goes to restrictions on installations, and that's what you have for protecting the email and browser protections. Another thing it has is network controls, making sure that the network traffic isn't going all over the place, making sure that we, making sure that the internal, our internal users are not allowed to go to
sites that they're not supposed to go to. Another one that's broken up in ISO 27001 is control against malware. And that's your anti-virus stuff. Electronic messages, that is making sure that you have secure messaging going back and forth, making sure that you don't have like email spoofing, things like that.
So it's broken up into several different parts, but let's keep going here to the next section, to CIS eight, and that's malware defense. This goes really deep into malware defenses for CIS controls, those in everything from centralized management of anti-malware software as well as ensuring that anti-malware software signatures are updated and things like that.
And we do have this on ISO 27001, namely, the control against malware is where we would find that in ISO 27001, but there's several other breakdowns in ISO 27001 that also link to our malware protection. All right, let's keep going to CIS nine. And this goes to limitations and control of network ports, protocols, and services.
This is a common best practice that you'll find in NIST 800, you'll find in all of the different frameworks; in some way, shape or form, they do cover this, on how to actually focus in and use the law of least functionality, is what it's called in the NIST 800. But anyway, let's go into this one. So we're talking about associating active ports and services to asset inventories.
So what we need to know is, if port 23 is on, which systems are using port 23. And the next one is ensuring only approved ports and protocols are running, like we only use what we need. And you'll find the same thing in ISO 27001 with security of network services and segregation of networks.
And then also network controls. Let's keep going here and see how we can map the next one, which is CIS control 10, which is data recovery capabilities. So this one does map to ISO 27001, namely in information backups, that those two map directly to the CIS data recovery. And this is just what you might think, is ensuring that you have regular automated backups, making sure that you can recover from those backups
and making sure that you protect those backups. All right, let's go to the next one. And we don't have that many more to go here. But this should give you an idea of what's in CIS controls and also what's in ISO 27001 as well. So let's keep going. CIS control 11. So this is secure configuration for network devices, such as firewalls, routers and switches.
And if I'm not mistaken, this one might be a little bit different in the CIS eight. It's not the same. The content's the same. They just shifted things around a little bit. So this one is dealing with maintaining a standard for security configurations for network devices. That's your switches.
That's your routers, that's your firewalls and things like that. And let's see if there's a comparable control on ISO 27001. Yeah, we have change management. This is where you would control the actual iOS security on a system and making sure that you have change management. But also another one that they have here on ISO 27001 is segregation of networks.
That one is lined up with what you have in CIS controls as well. All right. Let's keep going. CIS 12, and that is boundary defense. Now this is also in NIST 800. All the stuff that I've read so far is also in NIST 800, maybe going forward, we will cover how CIS maps to NIST 800 because it does, it all maps up.
And that's why I say in some of my other courses and in my other videos: if you know one, you know them. There's a little bit of change of terminology. The control names are different, but if you know one, you know them all. Okay. So this one is dealing with boundary defense, and this is maintaining an inventory of what is in your network.
What you need to know what's in your network. And to do this, you do things like scanning. You do things like denying certain communications from going to certain IPs. You have to control your boundary. In depth is used quite a bit with this one, but boundary defense, and this one maps directly to network control.
That's in the ISO 27001. Okay. Let's keep going here. Let's keep keeping it high level. There's a lot of things that we're going over, cuz we want to keep this high level. Okay. The CIS control 13, data protection. What does this one deal with? This is maintaining an inventory of sensitive information, removing sensitive data or systems not regularly accessed by the organization.
Anything you don't need, we're gonna get rid of it. And making sure the sensitive data's not floating around out there, which is how a lot of data gets. And ISO 27001 addresses this in several different controls. One is classification of information. Another one is network controls, another one's electronic messaging.
And another one is mobile device policies. And there's a few others, but we are gonna keep going. All right. So CIS 14, this one deals with controlled access, controlled access on the need to know. And so this one is segmenting the network based on sensitivity, enabling firewall filtering between VLANs.
And this sounds a lot like PCI compliance. So PCI compliance also maps to the CIS. PCI I'm, talking about PCI DSS, that's protection of credit cards and the credit card industries and retail retailers and hotels use this quite a bit. So they have to actually go through an audit and assessments and stuff for all of their card readers.
So for this one, you have the same thing. ISO 27,001 has segmentation of network. Network control. You can see them, them using the same ones. Theirs is just broken up differently. So they group a lot of, the controls together. Let's keep going here. We don't have that many more to go.
We're on 15 CIS control 15, which is wireless access control. So this one, as you would suspect it, it's disabling access points that are not used if they're not required detecting wireless access points. That are connected to the wired network and, taking an inventory of all your wireless stuff.
And so this is covered in ISO 27,001 in the inventory of assets and the network controls and the acceptable use of AC of, assets. Let's keep going here to the CIS 16. And I think we only have two or three left here, but CIS controls 16. Account monitoring and control. So in, in N 800, And in this 800, you have this one is AC two, a C one C three.
When you're doing account control and account management and things like that, this one is in CIS control 16. So how does this map? Two 27,001. Control. In the inventory of assets, that's where they control it in ISO 27,001. They also cover it in policy on the use of crypto cryptographic controls and control network controls and user registration.
And deregistration so you can see it's just broken up. They're covering the same topics, but it's broken up into different parts. Now let's keep going to CI. Control 17. And I wanna say this is the last one. Let me see. 18, 19 20. Okay. There's only three more left. All right. 17 we'll just quickly go through these implementation of security awareness training.
Self-explanatory you do have the same thing on ISO 27,001. It's literally called information security awareness, education and, training. Same. Okay, so we're gonna go to 18 and 18 is application software security. That's making sure that you're, whenever you're developing software is developed securely and is, establishing secure coding practices.
And you have the same thing over ISO ISO 27001, which is a secure development policy. Whenever you're developing the actual software, you have to develop it securely. Okay. Then we go into 19, which is incident response. This is a big one. This is also in IR in the IR controls, IR 1, 2, 3, and 4 in the NIST 800.
But how does this map over to ISO 27001? They have something called responsibilities and procedures. And they have reporting information security events and contacting authorities. All right. Onto pen testing. So this is CIS control 20. This is penetration testing and red team exercises. And this one, I don't know, this one actually doesn't have a comparable ISO 27001 control, which is very shocking.
And that pretty much covers all the maps between CIS controls and ISO 27001. And we also mentioned a couple of NIST 800 controls, and I'll catch you guys on the next podcast.
If you want to download your free copy of the CIS to ISO 27001, then go ahead and go to https://securitycompliance.thinkific.com/courses/cis-control-maps

Thursday Sep 08, 2022
Hey guys, this is Bruce and welcome to another convo course of this podcast. And today I want to talk to you guys about what's been going on in the last few months. I've been able to actually travel while I was between jobs and because I have a high-paying cyber security job, I had one anyway. I was able to quit.
My job. I had some family issues, like, I had to take care of. And my job was, it was a very high level, high stress job. So I was a consultant for all these different organizations and it was just, it was really stressful. And I had all these severe family issues that I needed to take care of. And actually the corporation that I worked for was really kind.
And my boss took me aside and said, Hey man, whatever you need, we'll let you. Had to let check a sabbatical and all that kind of stuff, which was very kind, very sweet, very good company actually. But the problem was I had so much travel, and I'm a remote worker there, but it was just too much travel.
So I couldn't make that match what I was doing with my home life. So I went ahead and just, I had to leave, but in between I knew I was gonna get another job. Actually, my side hustles have been doing so good, I thought maybe that I could just live off of that for some time, but the medical stuff was too high. The medical here in the US is really bad, if you didn't know.
Anyway, so neither here nor there. I couldn't afford to actually live off of my, my businesses and all my income streams and stuff. So I'm processing, as in processing stuff, I did a whole bunch of interviews and everything. I learned quite a bit more about the current state of getting jobs in cyber security.
But I was able to get one pretty fast and it was, I was able to get something I really wanted. So a hundred percent remote position making the kind of money I wanna make. And for, and just to give you guys some social proof. what I've been doing. These, if you go to TikTok, a lot of the stuff I posted on TikTok was there's a lot of these videos that I did directly from my travels.
Here's let me show you one. Here's one right here where I'm on. I'm in Manila beach, I think so. Yeah. That's Manila beach right there. That's the embassy behind me in Manila. So yeah just did a whole bunch of videos. I was gonna. I was gonna go to all these other sites. I was gonna go to Bali and go to Singapore and, places like that.
But I, I just didn't, we had some issues with the flights. So I was just, I just ended up staying in the Philippines the whole time, but I just wanted to let you guys know, like what's possible because I was I'm working this high level job was able to save some money and able to go. Actually take a break for three months.
I've been off of work for three months and I could afford it because I just had, I had money and savings. I had all these other resources that I created. And so that's why I, was able to do it, but now I'm going back to work and everything. And I'm not sad about it, but I, would've been a lot happier if my business would've been able to support me and sustain my family for that whole time.
But unfortunately unfortunately not . So yeah, thanks everybody for watching me doing this live once again on, on the podcast. And I wanted to talk to you guys about a few things, show you my, new podcast and where that stuff is at. I'm gonna show you the new book that I have. That's coming out to show you to do exactly what I've been doing.
It's gonna break all that stuff down and give you a preview of what that's all. and and then I'll just answer some questions. We'll just, we'll keep it loose on this one. Let me show you another picture. This is me. I, was on a rooftop hotels, like a resort. It was really nice.
And I'm just telling, talking about showing like me actually doing it and. I've been able to do it by marketing myself. So that's what this video's all about. The video just shows me on the rooftop, jumping in a pool having a good life I wanna show other people how to do it.
Exactly what I did. It really works, but let me show you. Gonna be a book about marketing yourself in cyber security, how to create a resume in cyber security in particular, but you can also use it for IT or whatever field you're in. Really, the techniques will work in any field, but I want to focus on cyber security, cuz that's what I've been doing for the last 20 years.
So cyber security and IT jobs resume marketing. I'm gonna put this on Amazon. I'm gonna put this on my own personal website, and there'll be two different versions and I'll have an audio version of this book. And what I'm gonna talk about is essentially how to create a path in cyber security, cuz cyber security is a huge field.
So whenever somebody says, oh, I want to get in cybersecurity, it's, okay, what exactly do you wanna do in cyber security? Cuz there's forensics. There's incident responders, there's cyber security analysts, there's security compliance people. There's information security officers.
There's engineers, architects, there's CIOs, CSOs. There's all different kinds of roles and different kinds of fields within cyber security. Cryptography is also considered a part of cyber security as well. So it's just a huge field and it depends on what you're doing.
Yeah, here's the book it's gonna talk about, like the format you should use. I'm basically showing everything I've been doing and it's really been world. You wanna be spoon fed that stuff and ask me questions directly. Then that's the course expected results. All I do is talk about what, I'm experiencing.
Like I get calls all the time. I can name my price. If I want to go. If I'm willing to travel, I can name my price. I, tell you how to create a profile, how to put yourself out on all these sites and then how to get all the continuous calls. And not only that, but how to. Get the actual format that you need.
That's gonna sell yourself. That's gonna be able to be digestible by all these organizations and employers who want you. They're looking for people right now. Cyber security is a huge field and we really don't have enough people doing it. Unfortunately, it's getting so crazy that they're even taking in a lot more entry level people than before.
There's lots of opportunities. If you watched my last podcast, I talked about how those out there. And here they are right here so far. If you want this directly from the site, if you happen to be watching me on YouTube, you can click on the link description below, and then it'll go to this site right here, but it's convocourses.podbean.com.
And, you'll find it there. All right. Let me see, what else do I need to talk about? What else do I need to talk about? Oh yeah. So that book that I'm writing a cyber security book. That's gonna tell you exactly what I've been doing to market myself and get a lot of different opportunities to get into cyber security and information technology in general.
So I'm constantly getting emails, messages, text calls all day long. Maybe I'll probably get an average of. with everything probably six or seven on average a day. Sometimes it's way more. It's actually quite annoying. And now that I actually chose a job, I have to turn all that stuff off. It's just so many opportunities.
It's a good problem to have, to constantly be sorting through all of these different jobs and stuff. And out of those tons of jobs, out of a hundred jobs, there's probably about 30 of them or not 13 of them that I'm. Or yeah, this is a good one. I'm gonna do an interview with these guys. So that's what I'm gonna show you guys how to do, but the second book, it's gonna be a two book series.
The second book is gonna be based off of this, what you see here on the screen. If you happen to be listening to me, this is the NICE framework. So this is an organization called the National Initiative for Cybersecurity Careers and Studies. These guys have been around for quite some time and what they did.
Brilliant. They broke down all the main categories of cyber security in the cyber security workforce. And these categories, there's seven of them: Analyze, Collect and Operate, Investigate, Operate and Maintain, Oversee and Govern, Protect and Defend, and then Securely Provision. And let me just show you what this is all about.
Like you might be like what, does this have to do with your book? Let me just explain to you, so what I'm gonna do is I'm gonna break this down and make it so that it's understandable to, to everybody, like I'm gonna relate this directly to your, you getting a job, because like I said, cyber security is a huge field.
What these guys did was they broke it all down. If you go to this site, it's like a huge database, and they have specialty areas in each category, right? So what I'll do, I'll take you to my category. So my category is called Oversee and Govern. And so this is where a lot of managers, cyber security management, executive cyber leaders are at, legal advice, policy, procedures, things like that, education, all that kind of stuff, because
it's not usually hands-on type stuff. It's more of, you're overseeing what's going on. You're making sure everything is going in the right direction. So my specialty is really this one right here, which is security, information system security managers, and then they have different work roles, that breaks this further down into work roles.
And so it has abilities, knowledge, skills, tasks, and other things that you need to know if you're trying to get into this actual work role. And furthermore, what you can do, and what I'll do in my book, is I break this down and even relate it directly to, like, LinkedIn and Indeed and all that stuff.
So you can see direct correlation between the categories that they've broken down here, and actually the categories that are in all cyber security, cuz that's what they did. They just took seven categories and said, okay, this is how cyber security breaks up. And then they broke that down further into specialized skills.
And then they broke those into work roles. So I'm gonna take this stuff and relate it directly to how you can take stuff from Indeed, stuff from LinkedIn, and find your niche that you can actually get into in cyber security. And then once you find your niche, once, okay, I wanna be an information security officer,
I want to be an information security. I wanna be a COMSEC manager. Then what I'll do is I'll show you how to find what exact degree you need, if you need one, cause some don't even need a degree, bro. Some don't even need a degree. Some just need specific skills, but it'll tell you exactly what skills you need.
Exactly what keywords to use on your resume. Exactly. What everything time you can check out this site is, that. Let me see if I can give you guys the link here. If you go to, actually, if you go to Google and just type in cyber security workforce NICE, N-I-C-E, that right there will guide you to this site that I'm showing, that you see here.
It's pretty robust. There's a lot of things going on with this site, cuz these guys are very active, and the Department of Defense, as well as DHS and all these different agencies, use these guys as a reference to know exactly what skills and tasks are needed to do cyber security. Federal government relies on this, what you see here, very heavily.
So that's why I decide to make a book about it, to boil it down its stuff, practical knowledge that you can use for your career. Two book series gonna tell you how to market and then how to get the proper career path of what, you want in this field. All right. Let's get into some questions.
This was not gonna be too long of a podcast. I'm going to go to, I've got a lot of questions popping up in TikTok. Shockingly enough. I did not expect this, but I've got about 2000 followers there so far and. A bunch very, active a lot of questions here, but let me see if I can answer a couple before I leave.
Lemme see here, if you're interested in following me on TikTok, just go to convocourses, go to TikTok and then search convocourses. Okay. So somebody asked me: I'm in the healthcare field and I'm trying to go with the Security+ and the HCISPP, which is like a healthcare cyber security certification from (ISC)², to stay relevant.
Any tips? Yeah. So this is great. Like, this is awesome, and I'm gonna make another video about this specifically on TikTok, but I wanted to speak to this on the podcast. For this, as you're going to Security+, as you're going to HCISPP, I would actually do some labs in your house.
One of the best things, one of the most, one of the best ways to go deeper into this subject is actually have a lab in your house. Lab, that means get a separate computer, or you can actually do it on the computer that you use, get your laptop, whatever workstation you use in your house. And you can use something called VMware and you can put different operating systems on that computer.
Or you can just buy a whole nother computer, build it from scratch, and then put the security features on that. That's a little bit more expensive. With VMware, I don't think it's more than about 200 bucks, VMware itself, the software, and that sounds pretty expensive, but you're investing in yourself.
So just think of it like that. You're investing in yourself. VMware, it works, but for now, I'm just gonna go to the site just to show you how you can create a lab on your computer. So VMware is a virtual manager and it's an application that sits on the system on your computer, and then you can upload like Linux on it.
You can have different versions of Windows. You can have Mac all on the same computer, and then you can network 'em together. And it's really cool. It's a really great way to learn how to do whole space firewalls. You can actually, I think you can even put like different firewalls on it. You can put a NAS on it, a firewall.
You can have a whole little tiny network. If you wanna do this for free, especially if you're in networking, there's another thing you can do called GNS3. This is something I used to use to practice for CCNA. I used to have a CCNA. I used to be huge into network. It's been a while.
So GNS3. So GNS3 is actually free. The only thing that's gonna cost you is your time to figure it out, because it's like an open, last time I checked it, it was an open source simulator that simulates network environments. Really cool. It's actually free. Oh, is it not free anymore? Software that empowers it, free download.
It's not free. It looks like it's not free. Why is this site all fancy now? Oh man, they do this. They put it out for free for a while. Wireshark used to be free too. I think, I wanna say Nessus, it was even free at one time. Yeah. Look how many people use this. Anyway, so you download GNS3 and it's a virtualized network and you can literally set up a little, it's so cool.
Like, this is another one I'd like to do, like, a demonstration of, it's really cool. It allows you to log in and configure routers and switches, and messing around with routing protocols and all kinds of stuff is really cool. So yeah, that would be my advice to you: if you're going for a Security+, an HCISPP, and you're trying to get into this field, especially if you don't have experience, create a lab, put it on your laptop, start messing around with it.
So you can then start to understand the inner workings of it. All right. Next question. Dru says, Bruce, in your opinion, what is an acceptable salary range for a new ISSM or ISSO? So it really depends. That's a great question, by the way. It really depends on where you're at in the United States.
And here's why I say that, because if we type in ISSO pay scale, watch. They have a price range, but it really depends. What you'll notice is it depends on what area you're in, and it also depends on what clearance you have, what's the organization. What you're seeing here is typical of somebody with experience, 130, and these are in Colorado, California, and I think this is Connecticut.
What I wanna see is the actual pay scale. Here it is. So the national average is over a hundred thousand dollars, $56 an hour. That's the national average. Now what this doesn't factor in, I don't think is how many years of experience the person has or if they have other additional certifications or things like that.
National average, that's pretty good for a national average, if you think about it, cuz that takes into account all the way, the highest level of pay down to the lowest levels of pay. Let me see if I can find some more. Okay. The national average in Colorado, where I'm at, the average is about 123, a hundred twenty-three thousand.
And that's about right. That's about right. And depending on how much more experience you have, it'll be more. And I could tell you that if you're in the Virginia area, this is low, like 100 is low, but I would say it's around this. This is about right. For somebody starting off from scratch, you might come in lower.
If you have zero experience with it and you're coming in off, like, maybe you had some experience in the military or something like that. I could tell you my first job outside the military as an ISSO, I had a bachelor's degree, but I didn't have the required certifications.
They required a CISSP at the time. And I didn't have one. So what they did was they just brought me in and said, look, you have X amount of time to get this certification. Can you do it? I said, yes. So they hired me at 60, 60,000, 62,000, something like that, which was very low. But keep in mind that this was how many years.
Damn. It's been a long time. 10, 15 years ago. It was like 15 years ago. So 10 years ago that's quite a bit of wild that's dang, 2004, 2006. Damn. That was a long time ago. 14 years ago. Wow, man. Time flies, anyway. Yeah, that was like 14 years ago. It's obviously the price has gone up so 70 between, okay.
Let me give you a range. If you are a new IS... a new information system security manager or information security officer, we'll say officer first, cuz manager is different. Manager's a whole different range. Let's say an information system security officer. The range is between, I wanna say, depends on where you are in the United States, but I wanna say it's gonna be between about 70 and a hundred.
That's about right for a new person. Now keep in mind, they know your value, especially once you start getting those certifications. So what you wanna do is, no matter what they're paying you when you get in, get a certification, a Security+, a CISSP, a CISA, a CRISC, get some sort of, I would highly recommend a professional level security cert like a CASP, a CISSP, a CRISC, a CISA, one of those.
Not easy certs, by the way. And they do cost you, but once you get that, yeah, you'll be able to switch to another position, new job, somewhere as an ISSO, or they'll pay you to stay and you'll be able to make over 115, at least 115 or more. So that should answer that question.
Now you also ask a question about CISM, which is a different position. CISMs are usually the supervisors of a CI... CISO, a ISSO, man, I'm slipping. So an ISSM is usually a manager of an ISSO, so let me show you what I'm talking about here. Managers are usually gonna make a little bit more cuz they're managers, but let's see if I'm not lying to you.
See if I can find the average of a, okay, it's not coming up here. I don't know why. Oh, is he trying to search just in Colorado? What is up with that? Okay, let me go back one to see if I could find the average. Okay. Keeps wanting to search in Colorado USA. What I'm doing is I'm on ZipRecruiter and I'm looking at their, they've got, like, a little breakdown
of this. So actually let's get outta this. Let's go back to Google and find another management position. I guess it's lumping it right in with ISSO. Okay. And actually it's saying it's lower, for some reason, that's inconsistent. Oh, okay. No, this is saying it's a little bit lower.
That's weird. Which I don't think is correct, because an ISSM is a manager, typically, especially in the federal government. They have two different positions. Like, an ISSM will usually be over ISSOs, and they'll usually be the person who signs for the ISSO and manages the ISSO's work. So they usually make more, it's usually like a management type.
So that's incorrect. I would say it's probably more in the range of 120 to 140 and on up. So for an ISSM, man, Glassdoor is even saying it's lower. That's not been my experience. Oh, okay. No, Glassdoor's saying the average for an ISSM is 120. Yep. So there you go. That was my guess, would be more like 120.
It is up, the scale goes up like 10,000, something like that, just cuz you can see here that they're saying that the average on the low end is about 67 to 80, and all the way up to $290,000, is insanity. But yeah, so that's about right. 120 is what I was saying an ISSM is gonna make. Okay. Let me see if there's any other questions here.
I got some folks watching the stream here, watching the podcast, listening to the podcast. VMware, GNS3 are golden for learning. Yeah. Apple work. Yeah, for sure. Okay, let me see if there's other questions. I have so many questions popping up on TikTok. It's very active for questions. Somebody called me a scam.
It's free stuff I give away, man. I don't know what people are thinking, to be honest with you. Which is the best path for an at-home job, jobs only? Okay. So somebody asked me, I've had this question before, what are the best jobs for at-home jobs, remote work, what are the best, I guess, IT jobs, information system security officer jobs,
information security, cyber security type jobs, or IT jobs for work from home these days, after COVID. I would've had a different thing to say about this, but these days mostly. Let me put it to you this way. I can tell you what jobs are not compatible with remote work.
Let me start from there because nowadays you can do so many jobs, remotely and, more organizations and employers are now more open to remote work, which is I've been doing this before. COVID so it was a lot harder to get remote work before this. Anyway Jobs that are not conducive to remote work would be classified positions.
In my opinion, in my experience if, you're in a classified environment, if you're trying to get work at a especially if it's secret and above it's, harder to have a hundred percent remote. Normally what they'll do at, the most they'll have a a flex position. flex hours are flex.
I can't remember what they call it, but basically it's like a hybrid That's what they call it. So they'll say, okay, two days out of a week, you can be at home. And then the other three days out the week work of the work week, you have to be at the site or two days are vice versa, like two days on the site and then three days off site.
So they'll do stuff like that. But see, the thing is you have to, there, you have to be on site a lot of times to do the site, the security stuff, the classified stuff. But that being said, there's actually some people, like a friend of mine, really good friend of mine, he was telling me about how there's this innovative new technology where you can actually do even classified work-from-home jobs.
So even that is gonna be work from home more and more, and I'm talking about all the way up to TS. And once he explained to me how that's done, my mind was blown. I was like, holy crap. That makes sense. But anyway, most of those jobs right now, normally you can't do those remotely.
Another one that's deceptive are jobs where you have to travel a lot. The problem with those is they'll say, oh, it's a hundred percent remote, but. You're traveling so much that doesn't even matter, like some of the consulting and some of the professional services jobs, they require you to go on site.
If, they, if it's over, I'll put it to you like this. If the travel is over, if it's over 50%, then you're gonna be traveling a lot because you gotta factor in. Probably add another 20% for the travel days. Yeah. So if it's over, if it's 50 if it's even close to 50%, that is CR that is a lot of travel.
Like you, I, cuz I did a job like that and I was constantly on the road and the only time. I think mine was 60 to 75% travel. I was never home. I was never home. would come home for the weekend and then I was off again, like I'd have a three day weekend and I'd be traveling for the rest of the week. So it was brutal, man.
It was work from home, but I just, I was traveling all the time. So if it's any of those jobs and normally the other one I would say, okay, so we talked about classified jobs. Normally those are on site or some kind of a hybrid. Those are changing, but most of the jobs are you're gonna have to go on site.
The other one would be consulting where you're traveling a lot, cuz you have to go to all these different places. And then the other one would be if they really want you to have FaceTime with the customer. And that usually requires being on site, those off the top of my head, the ones that out of all the ones I've been offered that I've worked at personally, that's been my experience.
But if you guys can name any other places where it's pretty much, you have to be on site... Field techs. That's another one. That one's not gonna be, well, it says it can be remote, but you're traveling so much that it might as well not be remote, cuz you're never home. Yeah.
Hope that answers your questions. Most jobs off the top of my head. Cyber, a lot of cybersecurity jobs can be done remotely. Remote administration, you can do system administrator jobs, a lot of those remotely. You can do networking a lot of those networking jobs, remotely configuring firewalls, monitoring traffic.
A lot of those you can do remotely. Just name something. Most of 'em you can do remotely. It really depends on the organization. So just keep that in mind. Okay. Let me keep going. Okay. Somebody said, back on the topic here, somebody said it is difficult to impossible to get a fully remote. There is zero chance that I would work and take the added risk of doing classified work remotely.
Yeah. So the technology that was in place was, it was like a virtual machine, nothing stored on your computer, basically. It's like you're seeing images. Like, your whole desktop and everything is just images that you're seeing. But the risk for me is that if you're in your house, you've got things like, what if your daughter is on the phone over here?
And they have their phone, they're on speaker phone, and you happen to be on a secure line on the system and you're doing classified work, and then they can hear what you're saying. So there's a possibility of a security incident because it got leaked to somebody. I don't know.
There's just, I'd be nervous about it myself, to be honest with you. Dru says, after COVID, travel jobs still plentiful? Yes. I know in the government, for the government, it has slowed down quite a bit. Yet there's still a lot of travel jobs, but you're right. There's a lot of customers and clients.
And the last job I worked at without giving too much away last job I worked at I I was a, consultant. I was a cyber security consultant and we would, our biggest part of, one of the biggest part of our jobs is that we would have, we'd have all these assessments and we would. To a site.
We, we would go to the site and we'd do physical assessments and we'd do wireless assessments. You have to be on the site for those. So we would go there and sit down with the facility manager and ask them, que interview them and then walk around the facility and all this kind of stuff. And then you'd do a report like you say, okay you're good here.
Good. Here you have a checklist, all that kind of stuff. But a lot of clients were like, nah, you can't come to our site or you can come to this site, but you can't come to this site. So you have a point because of COVID travel has been. Restricted, but there is, it's starting to open up quite a bit lately.
Like right before I left, they were opening things up. Like it, it was opening up like crazy because Mo most places in the us are opening up with the exception of there's a few places. Like we had some overseas places that were still pretty, pretty locked down, pretty tight.
Exactly, SCIFs are SCIFs for a reason. Yeah. Okay. Let me see if I can answer if there's any other questions here. Tons of questions and interactions on TikTok. I'm really surprised about TikTok. Somebody asked me, okay, this is a good question. Couple questions that are related. Somebody asked me if they can do cyber security at age 30 and another person asked me if they could do it at age 45.
And I would say. As a matter of fact, cybersecurity lends itself to a more mature minded person. Because you have to do a lot of interaction. As a matter of fact, like this career field is pretty old. I don't say so myself, but the last place I worked at I wasn't the youngest guy, but I I'm pushing 50 man.
Like I, I, wasn't the youngest guy there and. so I was not the youngest or the oldest guy there. So it, this career path needs more mature people because you're dealing with pretty heavy, issues. And you're having to talk to, you have to have the maturity, the emotional intelligence to talk to high level, cyber security CISOs and C level execs and stuff.
And then you gotta be able to switch gears and then talk to a technical. and because of that, it lends itself to a more mature type of person who can handle, stress and not freak out. And who've been around the block enough to know, okay. Yep. Don't worry. Like we got this and not panic.
So you need somebody with a cool hand. And a lot of times even me, I've been doing this for 20 years, but August school, like the last place I worked at, there were, so there were people there who were masters at this and I'm like, I man, these guys were running circles around me. I thought I was pretty good at presentations and stuff, man they were killers.
They just like something bad would happen. Something horrible in cyber security. So many bad things could happen that we're in the business of preventing bad things from happening to your assets. Something would happen and the client would lose their damn minds and they'd be a younger.
Who can't handle any kind of pressure and they freak out and they they'd freak out and then have another person, like my mentor, who was at that job, that person would just be calm and just calm them down. Just talk 'em off the ledge, negotiate with them. And then next thing you know, they're no longer holding hostages like they were.
So good at speaking to cus clients and customers, and that level of maturity is, really necessary. Yeah, 45, like as long as you can get the concepts down, as a matter of fact if you don't wanna do another two years of if you don't want to sit down and do two years of learning all this new it, you could actually do something like a program.
Project manager is actually a really great position for an older person. Project manager is. Compliance the stuff I'm doing something like that. Something where you're not super like in the weeds, technically, because there's a lot going on with like firewalls are constantly evolving and changing.
And like a web technology is constantly evolving, changing, and man, to keep up with the server technology it's constantly going constantly moving constantly and you're having to constantly hit the books and stuff. So that could be. As you get older, you have all this other stuff going on in your life.
Whereas youngsters they're just now coming in and taking on new responsibilities. So the work is everything for them. They don't have maybe they have one kid or something, but they don't have necessarily grandkids or five kids or whatever, so they have, they can devote more of their time to this learning this new technology and stuff.
But if you, I would highly recommend especially if you're older, you already have done two or three different career paths and you're doing this so you can retire and, live a simpler life. Man I would recommend project management get P and, also it really needs more mature people like people who can handle pressure and not freak out, people who are calm as a cucumber, and they can just work in any environment because they've seen some. So they got that, that thousand-yard stare, we used to call it in the military. They've seen some shit so older people like, yeah, you could definitely do this as an older person. All right. I think that's it guys.
Thanks for watching. I've been talking for about 30 minutes. I'm gonna try to do more like one offs like this, instead of just doing 'em once a week, more podcast. And if you're interested in hearing a lot more, cuz I actually post more stuff on audio, go to convocourses.podbean.com or check the link description below and you'll have more access to all the stuff that I put out.
In some old podcasts I've been posting. All right guys, that's it for this one. Thank you so much. De truth. Thank you. S V T. Thanks for all the questions on TikTok.

Wednesday Sep 07, 2022
http://convocourses.com
Hey, happy new year, everybody. This is a podcast for convo courses, and today we're gonna be talking about, we got a few questions that have been asked of me. I've got a resume to go through. And I wanna talk to you guys about 2021 and what I'm gonna be studying this year as a focus for like certifications or just sharpening my skill and some things that I would recommend that you look at too.
Cause I think it's looking forward five years ahead. What I think is gonna happen as far as our industry is concerned, cyber security or data analysis and things like that. And so let's get started. So the first thing I wanna talk to you guys about is some of the things that I'm gonna study in 2021, the things that I think that are gonna be relevant going forward in the future.
And let me just switch my screen here to show you the very first thing that I wanna show you is blockchain technology. This is something I think that's gonna be more and more relevant. If you've been watching the news, you've been seeing cryptocurrency going off the rails lately. And a lot of this technology, the money is based on blockchain.
And I don't think that this technology's going away. It has all the hallmarks of what I saw with cloud computing many years ago, and everybody kept talking about it and it just kept coming up over and over again. It's really the same trends I'm seeing where all these gigantic companies and all these giant organizations are really dipping their toe in a blockchain technology and very quickly what it is a basically it's a digital ledger.
It's a distributed digital ledger that allows you to basic you, you can essentially you. , you don't have to have a middleman. It allows you to not have a middleman because there's something there's a, normally, if you like a, with a bank, for example, a bank is a middleman to your money. Your money is there.
You have to go to the bank to get your money, but with a digital ledger, basically, essentially your money is out there on the web and distributed. It's all over the place, it's distributed and encrypted so that you can access it. And it's secure. It allows you to be anonymous and it's something, it validates it so that people can't say that they didn't make a payment or didn't get a payment.
It's immutable. That's what that means. So the technology is emerging slowly but surely and not just cryptocurrency by the way, but also for things like logistics. And even voting can be done with the blockchain, many other things that we use every day can be used with blockchain technology.
And so that's why I'm gonna be studying more on this the actual technology behind it as opposed to just cryptocurrency for the sake of making money and investments and things, that's a whole separate issue. Blockchain itself does much more than just money and essentially, like what, another thing that you should know about blockchain technology is that let me see Oracle starting to use it.
Walmart is starting to use it and many different other organizations and governments are starting to dip their toe in this technology. And it looks a lot like what cloud technology was looking like about 10 years ago. All right. Another thing I'm gonna be studying very heavily is cyber threat intelligence.
This is becoming much more important to anybody who does cyber security and what this is from a high level is it's. If you have a customer or if you have an org you're in an organization, either one and you're protecting someone's assets, their laptops, their servers, their information, their personnel, you're protecting their assets.
Cyber threat intelligence is where you do recon to see if anyone is looking into trying to break into those assets, and the way you would, one of the ways that you could do it is to have a cyber threat intelligence system that goes out and checks the dark web, checks the internet to see who's talking about your organization.
Does anybody have your, the IPs of your organization or is anybody scanning your organization? So you're looking for where people are trying to get into your organization. You're doing preemptive checks to see if there's anyone trying to get into your systems.
This is gonna be really more and more important as technology becomes even more important in all of our lives. If you looked at the recent gigantic hacks that are going on, state sponsored hacks are happening. And one of the ways to have some kind of defense against the state funded, state sponsored actors is to actually do cyber threat intelligence.
See if anybody has been casing the joint, scanning your network, and see if you have any vulnerabilities out there. So cyber threat intelligence is something I'm gonna really dive into this year, and that's gonna start off with things like ethical hacking, and then I'm gonna get into cyber threat intelligence, cuz you gotta know a little bit about ethical hacking and stuff to actually have a deeper understanding of what threat intelligence is.
And another thing I'm gonna dive into this year and I've put it off way too long is cloud computing technology. And this is something I talk about a lot on this channel and it is just getting more and more important. Like it's not going away. It's just. it's really become a centerpiece of all of our lives whether you know it or not.
If you've, if you watch Netflix, if you use Gmail, if you use Hotmail , if you, whatever you use, like most of these gigantic technologies are using cloud technologies on the back end. So it's just becoming more and more important. And me as a cyber security person, I need to know have a deeper understanding of what that is all about.
So those are the things that I'm gonna study this year for 2021, and possibly get certifications in some of these technologies and actually it's become a required couple. Two of those things on that list that I just mentioned to you are, have become a requirement for the job that I work at, that I have to actually get a certification in 'em.
So this is something that, that I'm definitely gonna do. And I think. These tell those three things are gonna become more and more important in the next five to 10 years. All right. Let me see if I got anything else. I see a few people watching me. If you guys have any questions, let me know.
I'll give you guys time here. If anybody wants to chime in, I've got a few people who've asked me questions and a few people who've asked me to actually look at their resume. So I'm gonna actually do that. Let me see if I can find a good one to look at here. The first one I'm gonna look at is going to be from the, I changed the names, just so you know, change the names and the addresses and everything on there.
So there's no need to worry about that. I'm gonna look at this resume right here. And what I like to do is I will. get, put my suggestions in there sometimes the resumes are so good. I don't really have much to say about it, but it's just like little tweaks and stuff of what I've done on my own personal resume to give them some, to give them some extra juice, some Google juice on that resume and my mindset is that I market myself.
And so I encourage anybody, any of my students, anybody who follows me to do the same thing, you gotta market yourself. It's very important in this day and age, there's just so many people. And there's so many competitors out there for you. There's so many other eyeballs on other different resumes that you gotta put yourself.
You gotta set yourself apart by advertising yourself, marketing yourself. Okay. So this is coming from Mike and he's in the DMV area and he is a senior assessment and authorization engineer. Okay. All right. I've never heard that. Title before, but that's good. If just one suggestion I would make here is if you're Mar if you're looking for a different job, I would, one of the things that I do is I put some more more common, a more common name out there.
So this to me sounds like it's and I could be wrong here, but one of the things that he could do is say, he's a security, and I'm gonna read through the resume. This might change. I would suggest I'll just say suggestion is to have the title of this, be a security control assessor. And the reason why I would say that is because the security control assessor is a more common name for this type of work.
But then I, this might be something I've not. I'm not familiar with authorization engineer, but it is just not something I've heard people use in my industry. So that's why I I would recommend they do this now. This is good. They put active top secret clearance. That's really, that's excellent.
You, do you definitely wanna put any kind of clearances that you have here? Up top, because that's a very marketable thing to have that immediately eliminates 80% of the people who are gonna compete against you. So that's a very good thing to put on a resume. Let me see, I'm gonna read the top part of this qualification profile.
This is pretty good to have, like whenever you're marketing yourself because places like LinkedIn will have an area where you can put stuff like this, but what I normally do is I take advantage of it by putting as many keyword as possible inside of this profile. You don't want it to just be flowery and sound good.
You want it to hit 'em right in their teeth. You know what I mean? You want 'em to grab their attention immediately with a bunch of keywords. So they said concept and execution con concept to execution focus, systematic profe. I would not put any of this stuff in here. Okay. I'm just gonna, I'm just gonna suggest some things here.
I'm just gonna suggest some stuff I'm gonna say. Now I'll have to read the, what I'll do is I'll read through the resume. I'll come back and fix this up, but it's just way too flowery for me. Like I would not, if I was reading this, I would just skip right by it cuz I want to know what they can do core competencies.
These are good. But another thing that I do personally is I take this and I put it at the end, any kind of listing stuff like that. I put it at the end.
Cuz it will get picked up by the search engines. That's the reason why I do it. But when I'm reading through it, I want to very quickly know know what their education is, cuz that's normally a show stopper or a show it gets the show on the road if they know, okay, this guy has a bachelor's degree.
That's one of the requirements. He has a CISM certification. That's one of our requirements. So you wanna very quickly have all the main things up here. Now this dude's actually got a great resume here. He's got some great set of skills. So another thing I do is I would put your top certification right up top, like this CISM I would say, is this top certification?
I would say I would put it right up here. Not trying to brag or anything, but I am a CISM. And maybe you put the number in there cuz this is gonna be guaranteed a requirement. That's gonna, this certification right here can replace things like CISSP and some other large level high, sorry, large high level security certifications that he has.
And then the CASP is also a really good one. But I think the CISM is a better, has a, is better, is a higher level. It's more, no, more people know about the CISM I should say. Okay. So he's got an ethical hacker certification. That's also a good one. I would, that's another one you might wanna put up here as well.
That's a very marketable certification, a lot of pen testers and hackers really look down upon the C, but I'm telling you it's very marketable cuz the corporations have not gotten the memo, the government and the corporations have not gotten the memo on, on how bad this certification is. So it's very, still very marketable.
Yeah, I would put that on top. Let's see security plus. Okay. And some other stuff. All right. Let's keep going here. Scott. Cyber security professionals, Maryland. Oh, okay. Affiliation. I'll put this at the bottom. We wanna get to the meat. The meat is the actual experience. So I'm gonna take this, I'm gonna put this at the bottom.
This is a great resume, by the way this is right at this point, all I'm doing is putting my own suggestions in here which he can take it with a grain of salt. Like I, it, this, he could leave it just how it is and it would still be fine cuz he's got so much good stuff in here. The only thing I would highly recommend changing is.
this right here. Cause you want this to have impact. And this to me, expert at administering desktop printers, and this is not a good impact. This is not tip in my mind if I was reading this and I was trying to hire this guy, I'd be like, eh, whatever next I'm not trying to be mean or anything, but just keeping it real with you guys so that you guys don't do the same kind of stuff on your resume.
No flowers, just straight facts keywords, stuff like that. Okay. Let's see. So job was at K force to current. All right. Top secret clearance. Let's see, ACAS, Splunk. Okay. This is actually really good stuff. Support all activities on as outlined in NIST 800-37, 137. Okay. All right. Not seeing a lot of impact.
But I'm seeing lots of great keywords, so that's good. Support all outlined in. Okay. Review and analyze A&A, as assessment and authorization. Security controls, NIST overlays, experienced using administration of eMASS. Okay. So this guy, it sounds like he's like an ISSO but I'm not really sure what, cuz he names himself as a senior assessment authorization engineer.
That sounds like an ISSO. So another suggestion I would make is to possibly use ISSO,
information system security officer. And then I'll just tell 'em here. What I'm trying to get at is a senior assessment and authorization engineer is an uncommon title. That's all I'm trying to say. So you wanna use like a common ti, if you're gonna put a title up here, it should be a title that people know about.
And that also fuels your your Google juice, your keyword cuz the, and the thing, the reason why I emphasize on my courses and whenever I do these resume suggestions, these are my suggestions. I'm sure other people have way better ideas than me, but these are just my suggestions.
The reason why I focus so much on keywords is because that's really what a lot of employers and a. Technical recruiters use as keywords re technical recruiters and the HR department. Who's looking for jobs and stuff. Typically they're not a technical person in your field every now and then a organization has the resources to cut some technical guys loose and say, Hey, go look through all these resumes and screen some people and have 'em come in.
But typically what happens is your resources. is your guys on the ground. You need them to actually do work. You don't want them to go looking through a hundred resumes. You want them to be working on cloud stuff. You want them to be analyzing data. You want them to be doing their job.
You're gonna have. So that's why, what organizations do is they have people who are not low level workers. It's not the right term, but. HR a screener from a whole, a third party organization, a third party company, they say, okay, look, here's our requirements. Please look through these hundreds and hundreds of different resumes and see if you can find us some good picks, just we gotta make sure that they have us and CSM.
They have to be in information system, security officer and see the thing is when they say we want a system security officer, they're not gonna know what a senior assessment and authorization engineer is is that, does that make sense? So you wanna use the same language that people are using if everybody is using cyber security.
The thing is I've been through a few iterations of this. So first iteration, when I went into security, Everybody called the information assurance, like if you were doing risk management framework, if you were doing certification and accreditation, that's what they called it. We were called either certification and accreditation engineers, or we were called information assurance officers, or we were called like this, just it's just an odd, that was like information AUR.
What is that? What they meant was security. You're security guy who does paperwork essentially you're a compliance guy that would make more sense, but then it evolved from information assurance to what did they start calling it? It was information system security, then information assurance, and then they start calling cyber sec, cyber security engineer information.
Change. And now the DoD, I think they are calling it like cyber surety or something like that. I don't, they keep changing the terminology, but you wanna keep up with the terminology people are using in this industry. So that way you know what words to use for those HR guys or those screeners who are looking for all these resumes.
And they're looking for that one keyword, they don't know what an information system security officer is. All they know is that the employer said, Hey, we want an information system. And if so make sure that's you get this person. And so you gotta use those keywords. Okay. I'm gonna get off my get off my soapbox here and I'm gonna continue going through some of these.
Yeah. Tony, I see your message here. Let me just finish this. Getting through this resume. This resume does not look bad by the way. I've seen some really bad resumes. If you've been watching these for a while. I've been through a couple who were, that were really bad. This one's actually pretty good.
It's got great keywords. My only main suggestion would be, I'd be really surprised if this doesn't get tons of offers. My only change would be to change this whole, this right here. This is just this just too much fluff. Just get to the what. Okay. Let me just give you an example of what I would write here.
What I would do is I would say something like, cuz this guy has so much awesome skills. Let me just read through what he's done before. Let me see. Analyze vulnerability data, multiple sources using ACAS and Splunk. Okay. Here's what I would do.
I don't know how many years of experience this person has, but I would start off with my years of experience. I would say it looks like he has years of experience. Look as a security analyst. Good Lord. Jesus. Why? What are you doing here? What I would I'm sorry guys. I'm just, I'm a little frustrated.
Okay. I would say X years of cyber security analyst work using tools such as Splunk, Nessus. I don't know how to spell Nessus so he is gonna do a spell check. Nessus.
He said ACAS, that's Nessus. You wanna use Nessus, that's a real good tool to have. And let's see, eMASS, wait, and a grasp of
No, not grasp, but we wanna emphasize how much skills this guy has. Cybersecurity analyst work using tools such as, eight years of experience or whatever years, experience analyst work, using tools such as Splunk, okay. And okay, here we go. We'll say, and Nessus with solid experience.
Implementing
Risk management framework.
And we want to get that keyword in there. RMF, I'm gonna say NIST 800 also key phrases with solid. Okay. Yeah. See, I would start off. I wanted someone hit 'em right in their mouth. I don't want them when they see my resume. They're gonna stop reading all other resumes when I'm done. That's your goal.
You want them to stop on your resume and not read another resume? Okay. He, this dude got so much experience, like why is he saying all this fluff? That doesn't oh my God. Okay. So yeah, I would just hit him right in their mouth. Like I, okay. Then he wants to say. Have I have a active security clearance now you might be thinking, Bruce, why are you saying clearance over?
He says it here already because we're using a different keyword. So up here, he said, active top secret clearance right here. We're saying active security clearance. It's a, there's a difference. And we gotta spell it by the way, there's a difference because it's a different key word. So somebody's looking for security clearance and they want you to have a they want you to have a security, a secret clearance instead of top secret clearance.
They'll still see that you have a clearance period. They'll go, they'll be looking for a secret clearance. And they find a guy with an active top secret clearance. You know what I mean? So we wanna make the net as broad as possible. This dude's got so much incredible experience. That there's a lot to choose from here.
I would put something like this in here. Okay. Okay. Watch this. So we wanna put more about his in information security officer experience. So we wanna put ISSO with years of experience.
See how I can't spell. See, it's very important to do a spell check. All right. Experience. ISSO with years of experience getting authorization to operate for multiple information systems.
So I got a bunch of keywords in here. I got cybersecurity analyst. That's a keyword, key phrase. We got Splunk. We got Nessus, we've got risk management framework. We've got NIST 800. We've got ATO, we just want to hit all the buttons. We don't want fluff. We don't. Oh, bilingual. This is a good one too.
This is really good. And oh, by the way, I'm bilingual. Yeah. Super powerful. Bilingual opens up a ton more jobs for you. If more than one language, any language it's gonna open up other jobs for you. So that's just something that to keep in mind. All right. So that's it with that one. I I hope that that's helpful to, whoever's watching this the idea behind this is to get yourself in line with the market.
that's the whole thing. And you need to do that. You need to tell people who you are. You gotta show people, Hey, here I am. That's what marketing is all about. So you wanna market yourself. That's the whole, that's my whole thought process. Okay. Tony says, Hey bro, I have about seven years of compliance experience and I'm bored to say the least
I want to move into security engineering and architect roles. How do do you suggest I proceed? Wow. Tony that's I had the same experience. Like I, I had been doing it for I don't know, 12 years or something, and I just got so bored with it. It wasn't a challenge anymore for me, and I know that sounds ridiculous if you're getting paid and you're, you got a secure job, but you need some kind of a stimulation. I got into it cuz I love technology, and so I was doing this for like years and years compliance and I found myself losing my technical cuz I had technical skills and I started losing that because all I was doing was compliance stuff.
So I know how you feel. So what I did was I I just jumped off a cliff man. Like I, and I don't recommend this to anybody, but this is what I did. I took a job doing something that I was really excited about. I was looking for another position I was in between jobs and I was looking for another position and somebody off had a job overseas.
to do. They actually, it was risk management framework. I applied for that and I applied for another position they had for a system security analyst. I applied for the system security analyst and I didn't, I kind of read about it. And it was talking about using SIEMs and talked about using tools like
McAfee ePO and IDS and IPS. And I was excited. I'm like, oh man, this is so cool. Some of the stuff I never even touched before. So I was really wanting to get into it. So what I did was I applied for that job, as well as the risk management framework. I was fully expecting them to look at my resume for risk management and be like, okay, this is our risk management guy.
They didn't do that. They chose me for cyber security. They looked at all of my old technical skills and they were like, okay, this guy right here we really need somebody to do this work for cyber security analyst work. And they picked me up and they picked me up as a, like a junior cybersecurity analyst where I was learning I wasn't like the guy, the main guy on the floor.
Doing everything. I was like, one of the people like learning different technologies and actually staring at a monitor, looking at the data, coming in, out of a network and analyzing. They taught me ArcSight, which is a SIEM kind of like Splunk, a little bit of Splunk. They taught us all these different tools, man.
I had a blast, I learned so much stuff, but I had to learn, like I was fresh outta college. I had to swallow my pride, which I have no problem with, but I know that some older guys, especially if you've been in it for cyber security or IT for a while, some of us we've seen war zones and stuff, so it's like, why is this kid telling me what to do? But I didn't feel that way. I was like a kid. I was like a wide-eyed little kid, oh yeah, really getting into it. And then my work ethic kicked in and I learned everything I could. I absorbed as much information like a sponge.
And so I would, so that's what what you could do. You don't have to go to another country or anything. Like I did jump off a cliff or anything, but what you could do is just apply for a junior level security engineering and architect role to get your beak wet to get started but keep in mind, if you have seven years experience you can't come in the door with the chip on your shoulder oh yeah.
I already know that I've done it for 15 years and throw your weight around or no, you gotta be like a little kid, and that's what I love about it is that I'm learning so many things like you can like right now, if somebody, if I went to a firewall role, even though I've touched them before I know how they work and stuff, I don't know how to configure a fire.
I can't do that from scratch. Somebody would have to sit down and teach. Like from, they'd have to teach me from the ground up. Now I'd learn very quickly cuz I have all this experience and all these other tools and stuff, but you I'd have to be open minded and learn what they're teaching me and not come in there.
Like I know everything and not knowing I have to come in there, like I'm an intern fresh outta college and I'm willing to learn from this Pierce person. Who's more than likely younger than me, so yeah, that's what I would do, Tony. I know how you feel. I felt the same thing many years ago, that path right there for the in terms of my career was a great move because now I have so many other doors and opportunities that have opened up over the years. And because I have this plethora of different experience that I can pick from I'm now a consultant. Like I can consult on all these different things.
I've touched so many different technologies before, and I don't have to actually be an expert on each one, but I know the concept so well that I'm able to say, okay, I know how this works with this. And I can look at data and say, okay, this is what I'm seeing here but yeah what I would do if I was you Tony, and actually that's what I did in the past.
And I know how you feel. All right. I got some other questions here that some folks have contacted me about and I'm gonna answer them. So let me show you guys what I'm seeing here. Let me show you what I am seeing all. So I've got a question. From my man. So Solomon H and he says I received a contingent offer for wait wait for security control assessor position.
And I'm proc I'm in the process of getting my clearance. I don't have a background in risk management framework or any cyber security compliance. What advice can you give me? I'm relatively new in cyber security and only have one to two years experience as a system administrator. I know that my job will focus on security and privacy controls.
As I look over the, as I look over the NIST 800-53 documentation. I've enrolled in your course. And so I can better understand an overview of how risk management framework works. Is there anything else that you can help me with or give me any kind of guidance? Yeah, actually I really can help with this.
I would say that if you happen to be watching this, Solomon, as a system administrator, if you guys out there are system administrators, you should know. And especially if you're trying to go into cyber security, you should know that actually you have many years of security experience.
So if you have set up a server before and had to put the patches on that server, that security experience, if you've ever had to do some documentation on the system that you set up where you had to draw out a diagram, put that together and shop that around to the rest of the. The guys on on the staff you've, that's cyber security.
That's a little taste of all of these different things are taste of cyber security. If you've ever had to help the compliance guys out and those guys that contact you and say, Hey, could you give me, could you give me a blurb or some documentation about what this security feature of the system is?
Guess what, you've actually assisted with cyber security compliance. If you've ever put a secured software on the system, you put the software on there and then you had to update it. That's also cyber security, cuz you're updating the patches that could have been exploited by a threat actor. So if you've ever put signatures on a system for anti-virus, that's also cyber security. If you've ever hardened a system, like where, okay, let's say that there is a password protection on there, but it doesn't have upper and lowercase and it doesn't have password complexity, but you had to go on the back end of the server and ensure that the whole organization is enforcing password complexity or enforcing multifactor authentication or enforcing audit logs to be enabled for anybody who's failed, failed login attempts or anything.
All of those things, if you are a system administrator, are things that you could put on your, you should put on your resume as a cyber security person, cuz you have done cyber security. In fact, I would argue you have done more cyber security than some, quote unquote, in cybersecurity who have not done any technical stuff.
And all they do is policy. You've done more than them because you're go, you're now be able to go deep in policy and deep in technical, the technical side, your skills are very much needed in this field. Now you said that you're going into security control assessments. So this is security control assessors from my interactions with them and having done this myself.
We, the, you need a team of people who can assess different aspects of an organization. Systems. What I mean by that is you're not just looking at documentation. You're not just looking at their security policy and saying, okay, looks like you've got you've guys have a policy in place, and it's been updated on this and that date.
You're not just doing that. You're also ensuring that the organization is complying with their own security policies. And that means that you have to do things like run scans, so you might have to polish up on your ability to run a Nessus scan or, I don't know, name a scanner.
And you might have to know a little bit more about that, but I'm sure you'll pick that up pretty fast being a system administrator. So that's one thing. Yeah, learning the NIST 800-37, I would say, is another place to look. But if you're taking my course, that's gonna really touch on what you need to know for NIST 800-53 and NIST 800-37.
It's gonna really touch on those things. And there's perspective of an information system security officer. That course is actually really good for se, especially if you're new to that work. Yeah, I hope that helps. That's a little bit of guidance for you if you're taking the course.
If you happen to see this video, Sawman, any questions you have whatsoever, I actually am currently doing assessments for different organizations, so I can help you out with that. Okay. I've got another question here. And somebody said, oh wait. Spade says, do you offer any mentoring opportunities?
Can you remind us of how we could work with you concerning career guidance and resumes if possible. Yes. So Spades, I get this question like weekly now. I do not do mentoring because I have a full time job and I really enjoy what I'm doing with teaching online, or I really am getting into it.
I'm starting to meet other people. I'm learning stuff from other instructors. I'm really excited about it. So I wanna spend my time doing that. But what I can do if you're interested is I've got a bunch of courses. Let me just show you what I'm talking about here. I've got a bunch of courses that you can sign up for.
Some of this stuff is actually free. So what I do is I put out a course and I give a portion of it free, and some are just completely free. Some from scratch. If you're learning this from the beginning and you want to get into cyber security, then this is a free course for you that shows you what to actually focus on.
It's six hours long, by the way. It didn't start off free, but I felt like it's time to help more people out that really need it to get into this market. I've got something on resume marketing, like how I have been able to have a job since I got outta the military. I've got so many opportunities all the time because of this method that I use, some of which I teach for free on YouTube, by the way. Some of the stuff I tell you guys is in this course, but it's a breakdown.
Let me just show you how extensive this is, this many hours of content and shows you, and you can use it as a reference. You don't have to go through line by line on all this stuff, but shows you what I do to. Have so much success in my career and continuously have offers from all different kinds of organizations and different industries related to cybersecurity.
And then I've got a walkthrough of the risk management framework process from the perspective of an information system security officer. I've got a deeper dive into that, of how to actually do the documentation piece and downloadable templates that you can use. And I'm sharing essentially my experience in this field so that you're not lost and you know where to go and how to upgrade yourself and how to make more income.
Let's keep it real. This is about taking care of your family and taking care of your being, having some stability, financial stability. I'm talking about how I've been able to secure my life and my family using this career field. So that's what I'm talking about in there. And tons of it's free.
So you should at least sign up. Check out the free stuff. If you like it. Now, if you do sign up, I do answer any of your questions. I'm gonna set up communities there. There's lots more to come in 2021, 2022, 2023. I plan to be around for a long time and offering as much help as possible for people.
My wife's calling me. Sorry, let me just turn that off real quick. Okay. So yeah. So yeah, I do not do mentoring just yet. Maybe I have a full time job. I love my job. I love, I know that's a weird thing to say, but I'm really having fun, like learning different things. And my, when I'm at work, I'm like really at work I don't have time to do anything else.
I'm really doing stuff. And I'm just learning so much. I do have a Discord channel. Anytime you have a question, especially if you happen to be a member of the site, if you happen to be a paying member of the site, I'm gonna go outta my way to help you out in very deep ways, stuff that we wouldn't be able to share on here. Obviously if it's more personal or if it's more related to specific things at your job, then of course I'm not gonna make a video about that.
So that's the kind of stuff that I do offer, and those are things that I can do on the weekends, like when I'm off work and things like that, and there might be a time when I'm on lunch or something, or just after work or whatever, I'm on, I'm off that day and I can call and we can have a I've talked to my students before on the phone, like we're just back and forth talking about stuff that's tailored to their life.
But as far as mentoring on a regular basis, I would take it extremely seriously. And I just, I'm not ready. I don't have the time and the day to, to dedicate to that. To that. So yeah, so that's where we're at with that. Let me see thank you guys for watching. Appreciate everybody. I got another question that someone asked me.
They said, let me switch this screen here so you can see what I'm seeing. They said, hello, Bruce. I'm interested in becoming an information system security officer and was interested in your course and what guidance you can provide on what courses on your site I should start with. I was using Darril Gibson, but I think he's a real popular Security+ trainer, but I know the 501 expires on July 21st, 2021.
What books should I get for the risk management framework for the CAP? Okay. So first of all, I am developing a CAP course. But that's not gonna be out for a while. Now, if you wanna know what book I would use right now for the CAP course, I can share that with you. I'm gonna bring that up real quick.
The one that I think is a really good one, it's not cheap. And it's so expensive. I wanna apologize for how expensive it is. But there's no real alternatives to this book that I've seen. There's just not a lot on the CAP and that's why a lot of people follow me, cuz there's not a lot of people talking about risk management framework.
And this is one of the few books that are out there that I think are worth your time. I have this book and I'm reading through it and it's really good. As far as taking the CAP, it's really good. I don't believe it's super practical. But I think it's a good book for the actual test.
When I say practical, if you're an IT guy, there's a difference between taking the test and doing the work. And they're just two separate things. So that book right there, the Official Guide to the CAP Common Body of Knowledge, is a good book for taking the test.
Cuz they're hitting all the objectives line by line. So that's what you want in a good certification book. Objectives, if you didn't know. I used to teach certifications. So what certifications do is they have different domains, right?
Each domain has a different category, a broad category. Like for example, CISSP has, I don't know, seven categories. I don't know if this has changed. I took it a long time ago, so I apologize for my ignorance in advance. Yeah. And I'm a CISSP, but it has, say, a cryptography domain.
And it has another one that's related to security compliance. Let's just use those as examples. So the cryptography one is gonna have different objectives that it's gonna hit. Like it's gonna have different things that they expect you to know. And those objectives will be different.
From the security compliance domain, which will have its own objectives that go deeper into the details of the concepts behind that domain. And when you take the test, what they do is they stick to those objectives. So if you know the objectives very well, you should be able to pass the test. And if you don't pass the test, you should be able to take it the second time and pass it.
So yeah, that's a good book. And and what was your other question part of your question? That's the book that I would recommend for the cap, and then you said, was interested in your course and guidance. Okay. So for the course, for my course, I would recommend if you're trying to get, become an ISSO, the book is not gonna be enough to become an ISSO.
And this is the reason why I started doing this online stuff: nobody's really teaching this. It's just, I guess if you pay 3000 to somebody to come out to your job and actually show you that way. Yeah. But no, there's just not a lot of courses that give you practical guidance on this stuff.
If you are going into it for the first time, I would highly recommend risk management framework, information, security officer foundations, which tells you what you need to know. For the course. Not for CAP, it's not focused on CAP, but for the actual work, for ISSO work. So if you want a free preview to see if this is worth your time, worth your money, then just go ahead and log in.
And this first part is free. So there you go. And then there's just lots and lots of stuff on each one of the categories of the risk management framework process. So yeah, it's good for somebody who's just starting out who wants to learn this for the first time, and maybe you're an IT person, but you're trying to get into risk management, but you are like, man, I'm reading through the NIST 800-37.
It just doesn't make any sense. I'm speaking to you in plain English and translating. By the time you're done with the course, when you read through 800-53, when you read through risk management framework 800-37, you're gonna understand what they're saying. They just use a certain language that is just very cumbersome.
I, myself, after years of this have to reread, sometimes I gotta read it over and over again. Cuz the language is not, they're not using every day speak like we're talking right now. It's just, they use all this different, these different words that you don't normally see. And so you're having to reread it.
yeah. Okay. Answered those two questions and I got a few people talking to me. Let me see, let me read a few of those and somebody's messaging me. Let me just make sure that this is not something important real quick. Okay. All right. So it looks like I'm gonna have to end this session pretty soon. I got a honey do list to attend to.
Okay. I'm gonna read through these as fast as I can. As fast as my dyslexic brain can allow me to process this information. Okay. Spade says, I'm maybe five months into my first industry position as a tier one. Oh yeah. Tier one security operation center analyst. I guess I'm not exactly entry level, but I'm looking to make some more money.
Yeah, I would. So one of the things that I did, looking for a junior security analyst role. Oh, okay. So one of the things that I did that immediately made me more valuable is there's certain certifications. Now, one of my courses actually talks about this, but I can mention a couple right now, certain certifications that lend themselves to making more money, like just off the top of my head, a CISSP certification.
And then there's certain skills. Actually let me name a couple other certifications. Any kind of professional level certification is going to get you more money. CISSP, the CASP, CISM, CISA, CCNP. Those are professional level certifications. Entry level security certifications would be like Security+ and there's a few other ones, but okay, so those are certifications.
And then for skills, if you're in a SOC, that would be SIEM. Splunk. ArcSight's not as hot anymore, but Splunk is super hot. Some of the IDSs and IPSs, if you're deep in the firewalls, if you can configure them, hot. Palo Alto's a hot one.
But if it's security analyst work, you're looking at more stuff that's looking at logs. McAfee products. Nessus is a good one. But the top one right now that is still on fire would be Splunk. Yeah, Splunk. And then another hot one, like it's getting more hot, I would say, would be cyber security.
Cyber security, threat intelligence stuff is getting pretty hot. Cloud computing. If you know that one, like more and more organizations are using it. So they need people who know some of the vulnerabilities of cloud technology. What kind of gotchas that organizations fall into is another good thing to know.
So those skill sets immediately get you in another bracket of pay. I have to warn you though. Once you get to another bracket of pay, you gotta deal with the IRS, but that's a whole nother conversation. Okay. JJ says I got hit up for a cyber security risk management framework engineer, long term remote W2 contract position.
I have no experience with the risk management framework. I'm guessing I got hit up because of my cyber security experience, clearance. Tips and tricks? Do I have any tips and tricks for this? Okay. You said, I have no risk management framework. Okay. So if you don't have any experience in it, yeah, if you want the job I would talk to 'em about taking you on as somebody who's learning it.
Just be honest with them and say, no, I don't have experience with this, but I do have cybersecurity knowledge and I have read through the risk management framework, 800-53, I've read through 800-37. I'm familiar with it. I've worked with compliance officers before, I've worked with information system security officers before, I've worked with security assessors before, whichever one of those is true for you.
If none of 'em are true, of course don't say that. But the thing is, if you have experience from cyber security, you have an advantage in that the basic concept of security, which is to protect the CIA, protect the confidentiality, integrity, and availability. You can just tell them you have a very strong foundation, explain to them that you have a very strong foundation in your respective cyber security role, and then build from there.
So if you have a solid skill set in cyber security, even if you're a system administrator, just what you need to do is dig into your archives of all the times you've done. Implementation of security features on a system. I guarantee you have a solid set of skills, right? So with those skills, you wanna tell them, Hey, I know how to secure systems.
I know what to look for. And by the way, I know the risk management framework process. I've not done it before, but I know it. Now, if you don't know it, go learn it. I have a course that you can go through, check that out. To be honest with you, you can probably just Google it and read through the risk management framework, 800-37.
I would highly recommend my course because I'm telling you exactly what you're gonna see and what they're gonna say to you and what they're expecting. And I'd be willing to help you out. So just keep those kind of things in mind, tips and tricks. Number one. Build on what you already know as a cyber security person confidentiality, integrity, availability, you've secured systems of before, more than likely you've worked with assessors and auditors before, more than likely you've worked with compliance people before you've done documentation before you wanna highlight all of those skills that you already have, and then tell 'em Hey, another tip is to learn the risk management framework process.
Learn it by my course. Go ahead and learn, read through it. Watch all the videos. You'll get a solid understanding of what the foundations of risk management framework are. Okay. I'm gonna move on to the next thing. I'm paid member at the first as a first timer. How do I get a job? Because most of the jobs are looking for five years of experience.
So one of the things that I would highly recommend, Cobi, is to look for entry level positions. Okay. Entry level positions, you gotta start somewhere and that start is entry level. Okay. So let me just show you what I mean by that. It's very simple. If you could follow along with me, if you want, go to indeed.com. This is just one site, by the way. I use this one all the time, cuz it's just so vanilla.
It's so vanilla and so easy to understand and so straightforward that I feel like it's a really good teaching tool. Okay. So first off, here I am in Indeed, indeed.com. You're gonna follow along with me. Okay. Put your location, wherever you're from. Put that in there. Next thing, there's a couple things you can do here.
You can put ISSO there's a ton of key words you can use for this job. ISSO entry level,
none in this area. Okay. Let me search somewhere all over the United States. Wow. It's just really going to town here. All right. So look at this information system, security officer work, most of the jobs, if you happen to be on the east coast, you should know that you guys have all the jobs you guys have 70% of all the risk management framework jobs.
I'm not even messing around with you, but yeah. So you notice how all of these are Virginia. You can find a job, especially if you have a clearance. There's a couple of things that you have. You may have an advantage. If you happen to live on the east coast, you have an advantage. If you happen to have a security clearance, watch this.
If I put security clearance, if you have a security clearance, you have an advantage. Cause sometimes they're looking for a person with a security clearance and they're they just get desperate, cuz there's just not that many people who have it. So they'll actually pull you in and teach you if you have this.
Now, if you don't have a security clearance, another thing is you could be eligible for a security clearance. Eligible means you are a US citizen. I cannot spell the damn eligible. My first and only language and I can't spell eligible. Yeah. Now all I did was type in eligible and it immediately knows I'm looking for eligible active.
Oh wait, no, I'm looking for eligible. Security eligible for security clearance is what I'm looking for, but it's coming up with active duty okay. But a bunch of, so stuff came up eligible security clearance is what I'm looking for. Eligible security officer. Now these are physical security roles.
Okay. Here we go. Principle means like you're a boss, so you don't want that. information security specialists in an airport. That's physical security. Okay. This is mixing a bunch of stuff up here. Eligible security clearance.
Yeah, here we go. So if you're eligible for security clearance, this is another thing that's gonna make it so that you have a better chance of getting a job. The best thing you can have, of course, I'm not gonna BS you, is experience. There's no replacement for it, but how do you get experience if you don't have it?
So you gotta go to entry level positions. Now, if you have zero, if you have no IT experience, that is different. Listen, let me just be very frank with you. If you have some IT experience, meaning you are a system administrator, you worked on databases, you worked on cryptography, you have some IT experience.
You worked on workstations, whatever, you have a very good chance of getting into risk management framework. Okay. You have a very good chance. If you have zero IT experience, meaning you've never held a role at a company or a university or a private or a government or anywhere, that is different.
That is different. And the reason why is because risk management framework and security is typically not entry level. It's not like literally walking the door and start flipping burgers. Okay. That's not that this is not that kind of a job. there's too much stuff at stake. There's too much trust that's involved.
There's just, you're gonna be trusted with other people's information and assets. You're gonna be entrusted to know the secrets of that organization where the vulnerabilities are. You're gonna know where they are. They have to trust you. So for that, they need a professional who has something to lose.
All right. That's why cyber security is typically not an entry level position. I'm sure somebody out there right now is watching this saying, Bruce, what are you talking about? I'm an entry level. I'm walking off the street and I'm a cyber security person. Okay. That's fine. But I'm just telling you typically, it's not something you walk off the street and you can do this.
Don't lose hope. Okay. If you don't have IT experience, if you've never done any of this stuff before, there's a couple things you can do. People contact me all the time, and a couple weeks ago an educator contacted me and she said, Hey, Bruce, I really wanna get into IT.
I want to be getting into risk management framework. I like what you're saying. It sounds cool to me. I wanna do it. She's an educator. She had a master's degree in education. She has very little or no IT skills. And I said, Hey, you might wanna consider becoming a program manager, okay. Program managers work with IT.
And in some cases they gotta know what we're talking about. They have to know some of our jargon. They don't have to know how to configure a server. They don't have to know how to stand up a Linux box. They don't have to know how to reduce threats on a weapon system. They don't have to do all that, but what they do have to do is they have to have a certain level of maturity to manage a project and they have to have a certain level of technical know-how with things like Office. So those are some of the things that I would suggest if you were trying to get in a very high skilled, high paying job in IT.
One of the things you can do is get a parallel job, which is a project manager position. It pays six figures by the way. Okay. It's not a joke. It's no joke. Program management is no joke. You can actually, even without any IT experience, get in there and you can make upwards of six figures.
Look it up. Look it up. It's a damn good job. So yeah, number one, if you don't have any IT experience at all, you gotta get IT experience. You have to, whether you're volunteering at your church, volunteering at your job. Let's say you're a non system administrator.
You're HR, you're in the HR department, right? You work with people's W-2s and stuff. You wanna get in IT, but you don't know what to do. You don't wanna do program management work. You don't wanna do that. You wanna do IT. Okay. Then you gotta start from the bottom. Imagine somebody walking in your job in your profession, off the streets, not knowing anything and wanting the keys to the castle.
Okay. With cyber security, that's what we're talking about. If you have no experience, you gotta get it. That means you gotta go to help desk. Entry level position is what I would suggest if you have zero IT experience, but you wanna get technical. Yes. Try entry level positions, volunteer, do it for free.
Cause that work that you're gonna put in for free fixing somebody's laptops at some corporation is not indentured servitude. It's that you're building up experience. It's experience. You're slowly building up experience and putting it on your resume. Then that'll allow you to level up to another job, a higher level IT job.
You do that, by the way, while you're working on your Security+, while you're working on your A+ certification, an entry level position with an entry level certification. Then once you have those things, now we're talking about months and years worth of work. This is hard work. This is not something you walk off the street and then suddenly you do it.
Imagine your bank. Okay. Listen, if you don't think it's fair, just imagine your bank, wherever you bank. In the back, they have a cybersecurity person who has no experience, but they know where all the vulnerabilities of the bank are.
They know. Where the threats, they don't even know what threats are. They don't know what threats are, but they know there's vulnerabilities. They ran the scan. Do you want that person at your bank as a cyber security person who doesn't know what they're doing, who has no experience with it? No, you don't.
So when you're talking about cyber security, you're talking about somebody who's entrusted with the keys to the castle. They have to have something at stake. And that means you have to put in the work as an IT, from me to you. If you're an IT professional, if you are trying to get into cyber security, we are entrusted with a lot of information, so you have to have some skin in the game.
That means time. That means you, you invested your own time and money to get to the skill set and the skill level that you're at. And you're not willing to risk it by making a mistake or doing something stupid. And I everybody makes mistakes, but. As you get to learn how to troubleshoot as you get to learn how these systems work, how to do backups you begin to learn how to manage your own risk for your own profession.
You manage the risk to yourself and then manage the risk to your organization and the risk to the organization's information. I hope that makes sense to everybody out there listening. Let me see. I gotta do a couple, guys. I gotta get going here. I apologize for cutting this one short, but let me see.
Can you get an ISSO job with a green card as a green card holder? That is a good question. Yes, you can, however, it's gonna be harder to get an ISSO job. Okay. But let me show you my screen here. Let me show you how you can get a compliance job, a security compliance job with a green card.
So there are cybersecurity jobs that have a public trust clearance. It's a type of clearance, public trust clearance. It's a type of clearance that doesn't require you to be a US citizen. If I'm not mistaken. Yeah, let me see, let me try this one here. And usually they'll say, Hey, you must be a US citizen.
They'll tell you right on there. This one might not be, and it's not giving me that information. So this is a public trust. I think. but it's not okay. How about this? Let's do this. Let's just be straightforward here. Let's just say, watch this cyber security green card. They usually put GC as a green card, by the way.
Let's see CrowdStrike. Let's look at this one. It will say in here. Yep. There you go. Right there. See this, that's the keyword right there. See, it says green card for clearance, US citizen or green card for clearance. There you go. That's what you wanna look for when you're looking for positions. Now, do they do this for ISSOs?
Let's see, let's just type in ISSO. I've not seen a lot of green card holders be ISSOs, but I could be wrong. Senior chemist. See, usually an ISSO is working for a high level government agency and they require that you be a US citizen. So that's why, off the top of my head, I don't know of any ISSOs, but actually, I take that back.
So there's some corporations there's some corporations who do ISSO work and they will hire a green card holder. But what I would do if I were you, is I would just
senior associate cyber risk.
See, I'm currently working in an organization where we have people from all over the world working with us. So I know for sure you can do cyber security, cyber risk in the US without being a US citizen. I know several people that work on our team who are in that exact position, but are they ISSOs? We're not doing DoD type stuff.
So let me see here. I'm looking for, did I just pass it? Yeah, it's in here: must be a US citizen or green card holder. And most of these are gonna be must be a US citizen or green card holder jobs. Yeah. We couldn't find an ISSO position that's green card, but you can find. All right, guys. I have to go.
I gotta get going here. Thank you so much for watching me. If you have any other questions, if you look in the description below, there'll be a place where you can actually join me all times of the day on holidays and weekends and stuff on discord, you have any kind of questions. I'll answer. 'em when I can also you can always email me.
It's, cyberware 2020 gmail.com and we can talk about any kind, and I'll actually make a video sometimes about people ask me really great questions that I think could help many people. And you'd be surprised sometimes people ask me a question, but several other people ask me that exact same question.
So I know it's something that is relevant and I know it's something that needs to be addressed. So then I'll just go ahead and make a whole video about it. All right, guys. Thank you for all your questions. Thanks a lot. Copy. If I didn't answer your question, please answer, ask me on discord in the linked description below spades.
Thank you so much for that. I hope that's how you pronounce your name. Marcus, thank you for your comments. I did not get to your comments, but let, what I'll do is I will copy this and use this for another time. Another video. Thank you guys so much for watching. Join me on discord. If you have any, if you have a pressing question and we will talk.