Episodes
Friday Sep 09, 2022
get the xls spreadsheet here:
https://securitycompliance.thinkific.com/courses/cis-control-maps
Hey guys, this is Bruce and welcome to a convo course podcast. And today I want to talk about one thing in particular, and that is the CIS and how it maps to the ISO 27001. If you didn't know, both of these are security compliance frameworks that are used in the public sector and private sector, as well as international organizations.
So pretty much a little slice of everybody uses one or the two of these particular security frameworks. CIS is typically used for the private sector. That means like retail stores or banking or community centers or those kinds of organizations that are privately owned organizations. And sometimes nonprofits.
I'll also say that in having worked in the public sector, from time to time we'll actually use CIS controls as well. It just depends on what we're doing. Like we use the CIS benchmarks. I've seen those used within the government, within like Department of Defense, cuz it's just a great tool to use.
And if you're interested in finding this, just go to Google or Bing or Yahoo or your favorite search engine and just type in CIS controls. Right now you have a mapping from the CIS controls version 7.1 to ISO 27001. Now right now, CIS controls are on version eight. I don't think that one's out yet, but right now we are focusing on
version 7.1, but we will revisit this once we get version eight. Okay. So that being said, ISO 27001 is an international standard for information security management. And they both do the same thing. It's for an organization to have guidance on how to actually proceed as far as securing their entire network, not even just the software and hardware devices that are connected to the network, but also things like physical security, maintenance,
all aspects of protecting the actual security of the system. Whether it's outside of the system, who's touching the system, who has access to the system, all those things. Let's start from the top. So what we're gonna do is just focus on the main security controls, like CIS control one, that is inventory and control of hardware assets.
And you'll see that the ISO 27001 has something similar and it's called A.8.1.1. So inventory of assets, right? They kind of group 'em all together. They don't break 'em apart in individual things for ISO 27001. Whereas CIS controls, they break it up into different things. CIS control one is hardware.
Whereas CIS two is inventory of security controls, sorry, inventory and control of software assets. That is not broken apart by ISO 27001. They keep those together as A.8.1.1. Let's keep going here. We're gonna go to the next control, which is CIS control three, which is vulnerability management, continuous vulnerability management. Every single security compliance
framework does have some sort of vulnerability management, or continuous monitoring and vulnerability management; they're hand in hand. And this one is no different. So ISO 27001, let me see, let's see if they have it here. They have more of a risk rating response that's continuously done.
Management of technical vulnerabilities. Yeah. So they have A.12.6.1 that matches to CIS control three, 3.7, to be precise. Let's go on, keep moving here to CIS control four. And that covers controlled use of administrative privileges. And that's really important because you don't wanna give your admin accounts to everyone.
That's one. One of the things that some organizations do is they'll just give admin rights to everyone, anyone who needs it, they'll just put it on individual laptops and think it's okay. And it's really not okay. Because if you have an administrative privilege on that system, you can pretty much do what you want with that particular system.
And it might even allow you to escalate privileges on other systems. So you gotta be really careful with that. So that's why you have CIS control four, controlled use of admin privileges, and let's see what ISO 27001 has. So ISO 27001 does have this and they've broken it into parts and have it as password management systems, as A.9.4.3.
They also have managed privileged access rights. There you go right there. So that matches directly to CIS four, controlled use of admin privileges. Let's keep it high. So far, I've gone through a bio, probably about 50 different controls. If you break it into the sub controls, it's probably 50. We just hit, but we'll just keep it high level and just focus on the main security controls.
Now let's move on to CIS five and this one deals with secure configuration, hardware and software. This means like whenever you have a laptop, a workstation, a server, there's a hardening process. Meaning we're gonna take this system and we're gonna make sure it doesn't have default passwords.
Make sure it's locked down. The WiFi's not just open and attaching to anything. Maybe the WiFi is off. We have some sort of secure configuration that we put on all hardware and software for mobile devices, laptops, workstations and servers. This is a best practice that's used in most security frameworks.
So the ISO 27001 does have this and they have it broken into two parts: acceptable use of an asset, where you would actually secure that system, and then also secure system engineering principles. Let's keep going to maintenance, monitoring, and analysis of audit logs. So the reason why audit logs in CIS control six is merged with maintenance is because audit logs are used not only for making sure that, if you find any incidents, you can find them through the audit logs, but also for maintenance, because every now and then a system goes down and you could put that in the log.
So it goes directly to a server. So your maintenance people can go in and say, okay, let's look at the logs and see where this thing crashed. So CIS six actually covers this and it maps directly to two different security controls in ISO 27001, mainly event logging and clock synchronization. The reason why clock synchronization is important is because you need a timestamp for all logs. Otherwise, if you see that the system went.
You need to know what time it went down. So the actual clock synchronization is super important to event logs, and if the time is off, you don't know when an incident happened. You don't know when the system went down or whatever the log is telling you. All right. Let's keep going to CIS seven, which covers email and web browser
protections, and just so you know, these are not that much different from CIS controls eight. So far, these are all the same ones that are in CIS version eight. So anyway, let's keep going here. We wanna know if this maps to ISO 27001 and it does. So it goes into acceptable use of assets, just like we've seen in the previous section.
And then also it goes to restrictions on installations, and that's what you have for protecting the email and browser protections. Another thing it has is network controls, making sure that the network traffic isn't going all over the place, making sure that our internal users are not allowed to go to
sites that they're not supposed to go to. Another one that's broken up in ISO 27001 is control against malware. And that's your antivirus stuff. Electronic messages, that is making sure that you have secure messaging going back and forth, making sure that you don't have like email spoofing, things like that.
So it's broken up into several different parts, but let's keep going here to the next section, to CIS eight, and that's malware defense. This goes really deep into malware defenses for CIS controls, goes into everything from centralized management of anti-malware software as well as ensuring that anti-malware software signatures are updated and things like that.
And we do have this on ISO 27001, namely the control against malware is where we would find that in ISO 27001, but there's several other breakdowns in ISO 27001 that also link to our malware protection. All right, let's keep going to CIS nine. And this goes to limitations and control of network ports, protocols, and services.
This is a common best practice that you'll find in NIST 800; you'll find all of the different frameworks in some way, shape or form do cover this on how to actually focus in and use the law of least functionality, is what it's called in the NIST 800. But anyway, let's go into this one. So we're talking about associating active ports and services to asset inventories.
So what we need to know is if port 23 is on, which systems are using port 23. And the next one is ensuring only approved ports and protocols are running, like we only use what we need. And you'll find the same thing in ISO 27001 with security of network services and segregation of networks.
And then also network controls. Let's keep going here and see how we can map the next one, which is CIS control 10, which is data recovery capabilities. So this one does map to ISO 27001, namely in information backups; those two map directly to the CIS data recovery. And this is just what you might think: ensuring that you have regular automated backups, making sure that you can recover from those backups,
and making sure that you protect those backups. All right, let's go to the next one. And we don't have that many more to go here. But this should give you an idea of what's in CIS controls and also what's in ISO 27001 as well. So let's keep going. CIS control 11. So this is secure configuration for network devices, such as firewalls, routers and switches.
And if I'm not mistaken, this one might be a little bit different in the CIS eight. It's not the same. The content's the same. They just shifted things around a little bit. So this one is dealing with maintaining a standard for security configurations for network devices. That's your switches,
that's your routers, that's your firewalls and things like that. And let's see if there's a comparable control on ISO 27001. Yeah, we have change management. This is where you would control the actual iOS security on a system and making sure that you have change management. But also another one that they have here on ISO 27001 is segregation of networks.
That one is lined up with what you have in CIS controls as well. All right. Let's keep going. CIS 12, and that is boundary defense. Now this is also in NIST 800. All the stuff that I've read so far is also in NIST 800. Maybe going forward, we will cover how CIS maps to NIST 800, because it all maps up.
And if one, that's why I say in some of my other courses and in my other videos is if one, you know them. There's a little bit of change of terminology. The control names are different, but if one, you know them all, okay. So this one is dealing with boundary defense, and this is maintaining an inventory of what is in your network.
What you need to know what's in your network. And to do this, you do things like scanning. You do things like denying certain communications from going to certain IPs. You have to control your boundary. In depth is used quite a bit with this one, but boundary defense and this one maps directly to network control.
That's in the ISO 27001. Okay. Let's keep going here. Let's keep it high level. There's a lot of things that we're going over, cuz we want to keep this high level. Okay. And the CIS control 13, data protection. What does this one deal with? This is maintaining an inventory of sensitive information, removing sensitive data or systems not regularly accessed by the organization.
Anything you don't need, we're gonna get rid of it. And making sure the sensitive data's not floating around out there, which is how a lot of data gets. And ISO 27001 addresses this in several different controls. One is classification of information. Another one is network controls, another one's electronic messaging.
And another one is mobile device policies. And there's a few others, but we are gonna keep going. All right. So CIS 14, this one deals with controlled access on the need to know. And so this one is segmenting the network based on sensitivity, enabling firewall filtering between VLANs.
And this sounds a lot like PCI compliance. So PCI compliance also maps to the CIS. I'm talking about PCI DSS, that's protection of credit cards, and the credit card industries and retailers and hotels use this quite a bit. So they have to actually go through an audit and assessments and stuff for all of their card readers.
So for this one, you have the same thing. ISO 27001 has segmentation of network, network control. You can see them using the same ones. Theirs is just broken up differently. So they group a lot of the controls together. Let's keep going here. We don't have that many more to go.
We're on 15, CIS control 15, which is wireless access control. So this one, as you would suspect, it's disabling access points that are not used if they're not required, detecting wireless access points that are connected to the wired network, and taking an inventory of all your wireless stuff.
And so this is covered in ISO 27001 in the inventory of assets and the network controls and the acceptable use of assets. Let's keep going here to the CIS 16. And I think we only have two or three left here, but CIS control 16, account monitoring and control. So in NIST 800, you have this one as AC-2, AC-1, AC-3.
When you're doing account control and account management and things like that, this one is in CIS control 16. So how does this map to 27001 controls? In the inventory of assets, that's where they control it in ISO 27001. They also cover it in policy on the use of cryptographic controls and network controls and user registration
and deregistration. So you can see it's just broken up. They're covering the same topics, but it's broken up into different parts. Now let's keep going to CIS control 17. And I wanna say this is the last one. Let me see. 18, 19, 20. Okay. There's only three more left. All right. 17, we'll just quickly go through these: implementation of security awareness training.
Self-explanatory. You do have the same thing on ISO 27001. It's literally called information security awareness, education and training. Same. Okay, so we're gonna go to 18, and 18 is application software security. That's making sure that whenever you're developing software, it's developed securely, and establishing secure coding practices.
And you have the same thing over in ISO 27001, which is a secure development policy. Whenever you're developing the actual software, you have to develop it securely. Okay. Then we go into 19, which is incident response. This is a big one. This is also in IR, in the IR controls, IR 1, 2, 3, and 4 in the NIST 800.
But how does this map over to ISO 27001? They have something called responsibilities and procedures. And they have reporting information security events, and contacting authorities. All right. Onto pen testing. So this is CIS control 20. This is penetration testing and red team exercises. And this one, I don't know, this one actually doesn't have a comparable ISO 27001 control, which is
very shocking. And that pretty much covers all the maps between CIS controls and ISO 27001. And we also mentioned a couple of NIST 800 controls, and I'll catch you guys on the next podcast.
If you want to download your free copy of the CIS to ISO 27001, then go ahead and go to https://securitycompliance.thinkific.com/courses/cis-control-maps
Thursday Sep 08, 2022
Hey guys, this is Bruce and welcome to another convo course of this podcast. And today I want to talk to you guys about what's been going on in the last few months. I've been able to actually travel while I was between jobs and because I have a high-paying cyber security job, I had one anyway. I was able to quit.
My job. I had some family issues like I had to take care of. And my, job was, it was a very high level high stress job. So I was a consultant for all these different organizations and it was just, it was really stressful. And I had all these severe family issues that I needed to take care of. And the, actually the corporation that I worked for was really, kind.
And my boss was, took me aside and said, Hey man, if whatever you need we'll, let you. Had to let check a sabbatical and all that kind of stuff, which was very kind, very sweet very good company actually. But the, problem was I had so much travel and I was, I'm a remote worker there, but it was just too much travel.
So I couldn't make that match what I was doing with my home life. So I, went ahead and just, I had to leave, but in between I knew I was gonna get another job. Actually, my. Side hustles have been doing so good. I thought maybe that I could just live off of that for some time, but the medical stuff was too high to the medical here in the us is really bad if you didn't know.
Anyway, so neither here nor there. I couldn't afford to actually live off of my. My businesses and my all my income streams and stuff. So I'm processing, as in processing stuff, I've did a whole bunch of interviews and everything. I learned quite a bit more about the current state of getting jobs in cyber security.
But I was able to get one pretty fast and it was, I was able to get something I really wanted. So a hundred percent remote position making the kind of money I wanna make. And for, and just to give you guys some social proof. what I've been doing. These, if you go to TikTok, a lot of the stuff I posted on TikTok was there's a lot of these videos that I did directly from my travels.
Here's let me show you one. Here's one right here where I'm on. I'm in Manila beach, I think so. Yeah. That's Manila beach right there. That's the embassy behind me in Manila. So yeah just did a whole bunch of videos. I was gonna. I was gonna go to all these other sites. I was gonna go to Bali and go to Singapore and, places like that.
But I, I just didn't, we had some issues with the flights. So I was just, I just ended up staying in the Philippines the whole time, but I just wanted to let you guys know, like what's possible because I was I'm working this high level job was able to save some money and able to go. Actually take a break for three months.
I've been off of work for three months and I could afford it because I just had, I had money and savings. I had all these other resources that I created. And so that's why I, was able to do it, but now I'm going back to work and everything. And I'm not sad about it, but I, would've been a lot happier if my business would've been able to support me and sustain my family for that whole time.
But unfortunately unfortunately not . So yeah, thanks everybody for watching me doing this live once again on, on the podcast. And I wanted to talk to you guys about a few things, show you my, new podcast and where that stuff is at. I'm gonna show you the new book that I have. That's coming out to show you to do exactly what I've been doing.
It's gonna break all that stuff down and give you a preview of what that's all. and and then I'll just answer some questions. We'll just, we'll keep it loose on this one. Let me show you another picture. This is me. I, was on a rooftop hotels, like a resort. It was really nice.
And I'm just telling, talking about showing like me actually doing it and. I've been able to do it by marketing myself. So that's what this video's all about. The video just shows me on the rooftop, jumping in a pool having a good life I wanna show other people how to do it.
Exactly what I did. It really works, but let me show you gonna be a book about marketing yourself in cyber security, how to create a resume in cyber security in particular, but it, you can also use it for it or whatever field you're in. Really like the techniques will work in any field, but I want to focus on cyber security cuz that's where that's what I've been doing for the last 20 years.
So cyber security and it jobs resume marketing. I'm gonna put this on Amazon. I'm gonna put this on my own personal website and I'll, there'll be two different versions and I'll have an audio version of this book. And what I'm gonna talk about is essentially how to get a path, how create a path in cyber security, cuz there's many cyber security is a huge field.
So whenever somebody says, oh, I'm want to get in cybersecurity. It's okay what, exactly do you wanna do in cyber security? Cuz there's forensics. There's incident responders, there's cyber security analysts, there's security compliance people. There's information to security officers.
There's engineers, architects, there's CIO, CSOs. There's all different kinds of roles and different kinds of fields within. Within cyber security, crypto cryptography is also a part of considered a part of cyber security as well. So it's just a huge field and it depends on what you're doing.
Yeah, here's the book it's gonna talk about, like the format you should use. I'm basically showing everything I've been doing and it's really been world. You wanna be spoon fed that stuff and ask me questions directly. Then that's the course expected results. All I do is talk about what, I'm experiencing.
Like I get calls all the time. I can name my price. If I want to go. If I'm willing to travel, I can name my price. I, tell you how to create a profile, how to put yourself out on all these sites and then how to get all the continuous calls. And not only that, but how to. Get the actual format that you need.
That's gonna sell yourself. That's gonna be able to be digestible by all these organizations and employers who want you. They're looking for people right now. Cyber security is a huge field and we really don't have enough people doing it. Unfortunately, it's getting so crazy that they're even taking in a lot more entry level people than before.
There's lots of opportunities if you've been watching my, my, if you watched my last podcast, I talked about how those out there. And here, they are right here so far. If you want this directly from the site, go, if you happen to be watching me on YouTube, you can click on the link description below, and then it'll go to this site right here, but it's combo courses dot podcast, pod bean.com.
And, you'll find it there. All right. Let me see, what else do I need to talk about? What else do I need to talk about? Oh yeah. So that book that I'm writing a cyber security book. That's gonna tell you exactly what I've been doing to market myself and get a lot of different opportunities to get into cyber security and information technology in general.
So I'm constantly getting emails, messages, text calls all day long. Maybe I'll probably get an average of. with everything probably six or seven on average a day. Sometimes it's way more. It's actually quite annoying. And now that I actually chose a job, I have to turn all that stuff off. It's just so many opportunities.
It's a good problem to have to constantly be sorting through all of these different jobs and stuff. And out of those tons of jobs out of a hundred jobs they're, probably about 30 of them or not 13 of them that I'm. Or yeah, this is a good one. I'm gonna do an interview with this, with these guys so that's what I'm gonna show you guys how to do, but the second book, it's gonna be a two book series.
The second book is gonna be based off of this. What you see here on the screen. If you happen to be listening to me, this is the NICE framework. So this is an organization called the National Initiative for Cybersecurity Careers and Studies. These guys have been around for quite some time and what they did,
brilliant. They broke down all the main categories of cyber security in the cyber security workforce. And these categories include, there's seven of them: analyze, collect and operate, investigate, operate and maintain, oversee and govern, protect and defend, and then securely provision. And let me just show you like what this is all about.
Like you might be like what, does this have to do with your book? Let me just explain to you, so what I'm gonna do is I'm gonna break this down and make it so that it's understandable to, to everybody, like I'm gonna relate this directly to your, you getting a job, because like I said, cyber security is a huge field.
What these guys did was they broke it all down. If you go to this site, it's like a huge database. and they have specialty areas in each category, right? So what I'll do I take you to my category? So my category is called oversee and govern. And so this is where a lot of managers, cyber security management, executive cyber cyber leaders are at legal advice, policy procedures, things like that, education, all that kind of stuff, because.
It's not usually hands on type stuff. It's more of you're overseeing what's going on. You're making sure everything is being going in the right direction. So my specialty is really this one right here, which is security information system, security managers, and then they have different work roles that, that breaks this breaks in further down into work roles.
And so it has abilities knowledge, skills, tasks. And, other things that you need to know, if you're trying to get into this actual work role and it, furthermore, what you can do is, and what I'll do in my book is I break this down into even relate it to directly, to like LinkedIn and indeed and all that stuff.
So you can see direct correlation between the categories. That they've broken down here. And actually the categories that are in all cyber security that's cuz that's what they did. They just took seven categories and said, okay, this is how cyber security breaks up. And then they broke that down further into specialized skills.
And then they broke those into work roles. so I'm gonna take this stuff and relate it directly to how you can take stuff from indeed stuff from LinkedIn and find your niche that you can actually get into in cyber security. And then once you find your niche, once okay, I wanna be in information security officer.
I want to be an information security. I wanna be a COMSEC manager. Then what I'll do is I'll show you how to find. What exact degree you need, if you need one, cause some, don't even need a degree, bro. Some don't even need a degree. Some like just need specific skills, but it'll tell you exactly what skills you need.
Exactly what keywords to use on your resume. Exactly. What everything time you can check out this site is, that. Let me see if I can give you guys the link here. Actually, if you go to Google and just type in cyber security workforce, NICE, N-I-C-E, that right there will guide you to this site that I'm showing, that you see here.
It's pretty robust. There's a lot of things going on with this site, cuz these guys are very, active and the department of defense. As well as DHS and all these different agencies use these guys as a reference to know exactly what skills and tasks that are needed to do cyber security. Federal government relies on this, what you see here very heavily.
So that's why I decide to make a book about it, to boil it down its stuff, practical knowledge that you can use for your career. Two book series gonna tell you how to market and then how to get the proper career path of what, you want in this field. All right. Let's get into some questions.
This was not gonna be too long of a podcast. I'm going to go to, I've got a lot of questions popping up in TikTok. Shockingly enough. I did not expect this, but I've got about 2000 followers there so far and. A bunch very, active a lot of questions here, but let me see if I can answer a couple before I leave.
Lemme see here, if you're interested in following me on TikTok, just go to TikTok and then search combo courses. Okay. So somebody asked me: I'm in the healthcare field and I'm trying to go with the Security+ and the HCISP, which is like a healthcare cyber security certification from (ISC)², to stay relevant.
Any tips? Yeah. So this is great. Like this is awesome, and I'm gonna make another video about this specifically on TikTok, but I wanted to speak to this on the podcast. For this, as you're going to Security+, as you're going to HCISP, I would actually do some labs in your house.
One of the best things, one of the most, one of the best ways to go deeper. And into this subject is actually have a lab in your house lab. That means get a separate computer, or you can actually do it on your computer that you use, get your laptop, your whatever workstation you use in your house. And you can use something called VMware and you can put different operating systems on that computer.
Or you can just buy a whole nother computer, build it from scratch, and then put the security features on that. That's a little bit more expensive with VMware. It allows you to I, don't think it's more in about 200 bucks VMware itself the software sounds, and that sounds pretty expensive, but you're investing in yourself.
So just think of it like that. You're investing in yourself, VMware. It works, but for now, I'm just gonna go to the site just to show you how you can create a lab, on your computer. So VMware is a virtual manager and it will, it's an application that sits on. system on your computer, and then you can upload like Linux on it.
You can have different versions of windows. You can have Mac all on the same computer, and then you can network 'em together. And it's really cool. It's a really great way to learn how to do whole space firewalls. You can actually, I think you can even put like different firewalls on it. You can put a NAS on it, a firewall.
You can have a whole little tiny network. If you wanna do this for free, especially if you're in networking, there's another thing you can do called GNS3. This is something I used to use to practice for CCNA. I used to have a CCNA. I used to be huge into networking. It's been a while.
So GNS3. So GNS3 actually is free. The only thing that's gonna cost you is your time to figure it out because it's like an open, last time I checked it, it was an open source simulator that simulates network environments. Really cool. It's actually free. Oh, is it not free anymore? Software that empowers it, free download.
It's not free. It looks like it's not free. Why is this site all fancy now? Oh man, they do this. They put it out for free for a while. Wireshark used to be free too. I think, I wanna say Nessus, it was even free at one time. Yeah. Look how many people use this. Anyway, so you download GNS3 and it's a virtualized network and you can literally set up a little, it's so cool.
Like this is another one I'd like to do a demonstration of. It's really cool. It allows you to log in and configure routers and switches and messing around with routing protocols and all kinds of stuff. It's really cool. So yeah, that would be my advice to you: if you're going for a Security+, an HCISP, and you're trying to get into this field, especially if you don't have experience, create a lab, put it on your laptop, start messing around with it.
So you can then start to understand the inner workings of it. All right. Next question. Dru says, Bruce, in your opinion, what is an acceptable salary range for a new ISSM or ISSO? So it really depends. That's a great question. By the way, it really depends on where you're at in the United States.
And here's why I say that because if we type in ISO pay scale ISO pay scale, watch. It's gonna it's they have a price range, but it really depends. What you'll notice is it depends on what area you're in and it also depends on what, clearance you have, what's the organization. What you're seeing here is, typical of somebody with experience one 30 and these are in Colorado, California, and cer and I think this is Connecticut.
What I wanna see is the actual pay scale. Here it is. So the national average is over a hundred thousand dollars, $56 an hour. That's the national average. Now what this doesn't factor in, I don't think is how many years of experience the person has or if they have other additional certifications or things like that.
National average, that's pretty good for a national average, if you think about it, cuz that takes into account all the way, the highest level of pay down to the lowest levels of pay. Let me see if I can find some more. Okay. The national average in Colorado, where I'm at, the average is about one twenty-three, 123,000.
And that's about right. That's about right. And depending on how much more experience you have, it'll be more. And I could tell you that if you're in the Virginia area, this is low, like 100 is low, but I would say it's around this. This is about right. For somebody starting off from scratch, you might come in lower.
If you have zero experience with it and you're coming in off, like maybe you had some experience in the military or something like that. I could tell you my first job outside the military as an ISSO, I had a bachelor's degree, but I didn't have the required certifications.
They required a CISSP at the time. And I didn't have one. So what they did was they just brought me in and said, look, you have X amount of time to get a cert, this certification. Can you do it? I said, yes. So they hired me at 60, 60,000, 62,000, something like that, which was very low. But keep in mind that this was how many years.
Damn. It's been a long time. 10, 15 years ago. It was like 15 years ago. So 10 years ago that's quite a bit of wild that's dang, 2004, 2006. Damn. That was a long time ago. 14 years ago. Wow, man. Time flies, anyway. Yeah, that was like 14 years ago. It's obviously the price has gone up so 70 between, okay.
Let me give you a range. If you are a new IS... a new information system security manager or information security officer, we'll say officer first, cuz manager is different. Manager's a whole different range. Let's say an information system security officer. The range is between, I wanna say depends on where you are in the United States, but I wanna say it's gonna be between about 70 and a hundred.
That's about right for a new person. Now keep in mind, they know your value, especially once you start getting those certifications. So what you wanna do is, no matter what they're paying you when you get in, get a certification, a Security+, a CISSP, a CISA, a CRISC, get some sort of, I would highly recommend a professional level security cert like a CASP, a CISSP, a CRISC, a CISA, one of those.
Not easy certs, by the way. And they do cost you, but once you get that, yeah, you'll be over. You'll be able to switch to another position, new job, somewhere as an ISSO, or they'll pay you to stay and you'll be able to make over 115, at least 115 or more. So that should answer that question.
Now you also ask a question about ISSM, which is a different position. ISSMs are usually the supervisors of a CI, CISO, an ISSO, man, I'm slipping. So an ISSM is usually a manager of an ISSO, so let me show you what I'm talking about here. Managers are usually gonna make a little bit more cuz they're managers, but let's see if I'm not lying to you.
See if I can find the average of a, okay. It's not coming up here. I don't know why. Oh, is he trying to search just in Colorado? What is up with that? Okay, let me go back one to see if I could find the average. Okay. Keeps wanting to search in Colorado, USA. What I'm doing is I'm on ZipRecruiter and I'm looking at their, they've got like a little breakdown
of this. So actually let's get outta this. Let's go back to Google and find another management position. I guess it's lumping it right in with ISSO. Okay. And actually the saying is lower for some reason, that's inconsistent. Oh, okay. No, this is saying it's a little bit lower.
That's weird. Which I don't think is correct because an ISSM is a manager, typically, especially in the federal government, they have two different positions. Like one is ISSM will usually be over ISSOs and they'll usually be the person who signs for the ISSO and manages the ISSO's work. So they usually make more, it's usually like a management type.
So that's incorrect. I would say it's probably more in the range of 120 to 140 and on up. So for an ISSM, man, Glassdoor is even saying it's lower. That's not been my experience. Oh, okay. No, Glassdoor is saying the average for an ISSM is 120. Yep. So there you go. That was my guess, would be more like 120.
It is up, the scale goes up like 10,000, something like that, just cuz you can see here that they're saying that the average on the low end is about 67 to 80. And all the way up to $290,000 is insanity. But yeah, so that's about right. 120 is what I was saying an ISSM is gonna make. Okay. Let me see if there's any other questions here.
I got some folks watching the stream here, watching the podcast, listening to the podcast. "VMware, GNS3 are golden for learning." Yeah. Apple work. Yeah, for sure. Okay, let me see if there's other questions. I have so many questions popping up on TikTok. It's very active for questions. Somebody called me a scam.
It's free stuff I give away, man. I don't know what people are thinking, to be honest with you. "Which is the best path for an at home job, jobs only?" Okay. So somebody asked me, I've had this question before, what are the best jobs for at home jobs, remote work, what are the best, I guess, IT jobs, information system security officer jobs,
information security, cyber security type jobs, or IT jobs for work from home these days. After COVID, I would've had a different thing to say about this, but these days mostly. Let me put it to you this way. I can tell you what jobs are not compatible with remote work.
Let me start from there, because nowadays you can do so many jobs remotely, and more organizations and employers are now more open to remote work, which is, I've been doing this before COVID, so it was a lot harder to get remote work before this. Anyway, jobs that are not conducive to remote work would be classified positions.
In my opinion, in my experience, if you're in a classified environment, if you're trying to get work at a, especially if it's secret and above, it's harder to have a hundred percent remote. Normally what they'll do, at the most they'll have a flex position. Flex hours or flex.
I can't remember what they call it, but basically it's like a hybrid. That's what they call it. So they'll say, okay, two days out of a week, you can be at home. And then the other three days out the week, of the work week, you have to be at the site, or vice versa, like two days on the site and then three days off site.
So they'll do stuff like that. But see, the thing is you have to be there, you have to be on site a lot of times to do the site, the security stuff, the classified stuff. But that being said, there's actually some people, like a friend of mine, really good friend of mine. He was telling me about how there's this innovative new technology where you can actually do even classified work from home jobs.
So even that is gonna be work from home more and more, and I'm talking about all the way up to TS, and once he explained to me how that's done, my mind was blown. I was like, holy crap. That makes sense. But anyway, most of those jobs right now, normally you can't do those remotely.
Another one that's deceptive are jobs where you have to travel a lot. The problem with those is they'll say, oh, it's a hundred percent remote, but. You're traveling so much that doesn't even matter, like some of the consulting and some of the professional services jobs, they require you to go on site.
If it's over, I'll put it to you like this. If the travel is over 50%, then you're gonna be traveling a lot because you gotta factor in, probably add another 20% for the travel days. Yeah. So if it's even close to 50%, that is a lot of travel.
Like, cuz I did a job like that and I was constantly on the road and the only time. I think mine was 60 to 75% travel. I was never home. I was never home. Would come home for the weekend and then I was off again, like I'd have a three day weekend and I'd be traveling for the rest of the week. So it was brutal, man.
It was work from home, but I just, I was traveling all the time. So if it's any of those jobs and normally the other one I would say, okay, so we talked about classified jobs. Normally those are on site or some kind of a hybrid. Those are changing, but most of the jobs are you're gonna have to go on site.
The other one would be consulting where you're traveling a lot, cuz you have to go to all these different places. And then the other one would be if they really want you to have FaceTime with the customer. And that usually requires being on site, those off the top of my head, the ones that out of all the ones I've been offered that I've worked at personally, that's been my experience.
But if you guys can name any other places where it's pretty much, you have to be on site. Field techs. That's another one, that one's not gonna be, well, it says it can be remote, but you're traveling so much that it might as well not be remote cuz you're never home. Yeah.
Hope that answers your questions. Most jobs off the top of my head. Cyber, a lot of cybersecurity jobs can be done remotely. Remote administration, you can do system administrator jobs, a lot of those remotely. You can do networking a lot of those networking jobs, remotely configuring firewalls, monitoring traffic.
A lot of those you can do remotely. Just name something. Most of 'em you can do remotely. It really depends on the organization. So just keep that in mind. Okay. Let me keep going. Okay. Somebody said, back on the topic here. Somebody said, "It is difficult to impossible to get a fully remote. There is zero chance that I would work and take the added risk of doing classified work remotely."
Yeah. So the technology that was in place was, it was like a virtual machine, nothing stored on your computer, basically. It's like you're seeing images. Like your whole desktop and everything is just images that you're seeing. But the risk for me is that if you're in your house, you've got things like, what if your daughter is on the phone over here?
And they have their phone, they're on speaker phone and you happen to be on a secure line on a system and you're doing classified work and then they can hear what you're saying, so there's a possibility of a security incident because it got leaked to somebody. I don't know.
There's just, I'd be nervous about it myself, to be honest with you. Dru says, after COVID, are IT travel jobs still plentiful? Yes. I know in the government, for the government, it has slowed down quite a bit. Yet there's still a lot of travel jobs, but you're right. There's a lot of customers and clients.
And the last job I worked at, without giving too much away, last job I worked at, I was a consultant. I was a cyber security consultant and one of the biggest parts of our jobs is that we'd have all these assessments and we would go to a site.
We would go to the site and we'd do physical assessments and we'd do wireless assessments. You have to be on the site for those. So we would go there and sit down with the facility manager and interview them and then walk around the facility and all this kind of stuff. And then you'd do a report, like you say, okay, you're good here.
Good here. You have a checklist, all that kind of stuff. But a lot of clients were like, nah, you can't come to our site, or you can come to this site, but you can't come to this site. So you have a point, because of COVID travel has been restricted, but it's starting to open up quite a bit lately.
Like right before I left, they were opening things up. Like, it was opening up like crazy because most places in the US are opening up, with the exception of a few places. Like we had some overseas places that were still pretty locked down, pretty tight.
Exactly, SCIFs are SCIFs for a reason. Yeah. Okay. Let me see if I can answer, if there's any other questions here. Tons of questions and interactions on TikTok. I'm really surprised about TikTok. Somebody asked me, okay, this is a good question. Couple questions that are related. Somebody asked me if they can do cyber security at age 30 and another person asked me if they could do it at age 45.
And I would say, as a matter of fact, cybersecurity lends itself to a more mature minded person, because you have to do a lot of interaction. As a matter of fact, like this career field is pretty old. I don't say so myself, but the last place I worked at, I wasn't the youngest guy, but I'm pushing 50, man.
Like, I wasn't the youngest guy there, and so I was not the youngest or the oldest guy there. So this career path needs more mature people because you're dealing with pretty heavy issues. And you're having to talk to, you have to have the maturity, the emotional intelligence to talk to high level cyber security CISOs and C level execs and stuff.
And then you gotta be able to switch gears and then talk to a technical. And because of that, it lends itself to a more mature type of person who can handle stress and not freak out. And who've been around the block enough to know, okay. Yep. Don't worry. Like we got this, and not panic.
So you need somebody with a cool hand. And a lot of times even me, I've been doing this for 20 years, but August school, like the last place I worked at, there were, so there were people there who were masters at this and I'm like, I man, these guys were running circles around me. I thought I was pretty good at presentations and stuff, man they were killers.
They just like something bad would happen. Something horrible in cyber security. So many bad things could happen that we're in the business of preventing bad things from happening to your assets. Something would happen and the client would lose their damn minds and they'd be a younger.
Who can't handle any kind of pressure and they freak out and they they'd freak out and then have another person, like my mentor, who was at that job, that person would just be calm and just calm them down. Just talk 'em off the ledge, negotiate with them. And then next thing you know, they're no longer holding hostages like they were.
So good at speaking to clients and customers, and that level of maturity is really necessary. Yeah, 45, like as long as you can get the concepts down. As a matter of fact, if you don't want to sit down and do two years of learning all this new IT, you could actually do something like a program.
Project manager is actually a really great position for an older person. Project manager is. Compliance the stuff I'm doing something like that. Something where you're not super like in the weeds, technically, because there's a lot going on with like firewalls are constantly evolving and changing.
And like a web technology is constantly evolving, changing, and man, to keep up with the server technology it's constantly going constantly moving constantly and you're having to constantly hit the books and stuff. So that could be. As you get older, you have all this other stuff going on in your life.
Whereas youngsters they're just now coming in and taking on new responsibilities. So the work is everything for them. They don't have maybe they have one kid or something, but they don't have necessarily grandkids or five kids or whatever, so they have, they can devote more of their time to this learning this new technology and stuff.
But I would highly recommend, especially if you're older, you already have done two or three different career paths and you're doing this so you can retire and live a simpler life. Man, I would recommend project management, get P, and also it really needs more mature people, like people who can handle pressure and not freak out, people who are calm as a cucumber, this calm, and they can just work in any environment because they've seen some. So they got that thousand-yard stare, we used to call it in the military. They've seen some shit, so older people, like, yeah, you could definitely do this as an older person. All right. I think that's it guys.
Thanks for watching. I've been talking for about 30 minutes. I'm gonna try to do more like one-offs like this, instead of just doing 'em once a week. More podcasts. And if you're interested in hearing a lot more, cuz I actually post more stuff on audio, go to convocourses.podbean.com or check in the link description below and you'll have more access to all the stuff that I put out.
In some old podcasts I've been posting. All right guys, that's it for this one. Thank you so much. De truth. Thank you. S V T. Thanks for all the questions on TikTok.
Wednesday Sep 07, 2022
http://convocourses.com
Hey, happy new year, everybody. This is a podcast for convo courses, and today we're gonna be talking about, we got a few questions that have been asked of me. I've got a resume to go through. And I wanna talk to you guys about 2021 and what I'm gonna be studying this year as a focus for like certifications or just sharpening my skill, and some things that I would recommend that you look at too.
Cause I think it's looking forward five years ahead. What I think is gonna happen as far as our industry is concerned, cyber security or data analysis and things like that. And so let's get started. So the first thing I wanna talk to you guys about is some of the things that I'm gonna study in 2021, the things that I think that are gonna be relevant going forward in the future.
And let me just switch my screen here to show you the very first thing that I wanna show you, which is blockchain technology. This is something I think that's gonna be more and more relevant. If you've been watching the news, you've been seeing cryptocurrency going off the rails lately. And a lot of this technology, the money is based on blockchain.
And I don't think that this technology's going away. It has all the hallmarks of what I saw with cloud computing many years ago, and everybody kept talking about it and it just kept coming up over and over again. It's really the same trends I'm seeing, where all these gigantic companies and all these giant organizations are really dipping their toe in blockchain technology. And very quickly, what it is, basically it's a digital ledger.
It's a distributed digital ledger that allows you to, essentially, you don't have to have a middleman. It allows you to not have a middleman because normally, like with a bank, for example, a bank is a middleman to your money. Your money is there.
You have to go to the bank to get your money, but with a digital ledger, basically, essentially your money is out there on the web and distributed. It's all over the place, it's distributed and encrypted so that you can access it. And it's secure. It allows you to be anonymous and it's something, it validates it so that people can't say that they didn't make a payment or didn't get a payment.
It's immutable. That's what that means. So the technology is emerging slowly but surely and not just cryptocurrency by the way, but also for things like logistics. And even voting can be done with the blockchain, many other things that we use every day can be used with blockchain technology.
And so that's why I'm gonna be studying more on this the actual technology behind it as opposed to just cryptocurrency for the sake of making money and investments and things, that's a whole separate issue. Blockchain itself does much more than just money and essentially, like what, another thing that you should know about blockchain technology is that let me see Oracle starting to use it.
Walmart is starting to use it and many different other organizations and governments are starting to dip their toe in this technology. And it looks a lot like what cloud technology was looking like about 10 years ago. All right. Another thing I'm gonna be studying very heavily is cyber threat intelligence.
This is becoming much more important to anybody who does cyber security, and what this is from a high level is, if you have a customer or if you're in an organization, either one, and you're protecting someone's assets, their laptops, their servers, their information, their personnel, you're protecting their assets.
Cyber threat intelligence is where you do recon to see if anyone is looking into trying to break into those assets, and one of the ways that you could do it is to have a cyber threat intelligence system that goes out and checks the dark web, checks the internet to see who's talking about your organization.
Does anybody have the IPs of your organization, or is anybody scanning your organization? So you're looking for where people are trying to get into your organization. You're doing preemptive checks to see if there's anyone trying to get into your systems.
This is gonna be really more and more important as technology becomes even more important in all of our lives. If you looked at the recent gigantic hacks that are going on, state sponsored hacks are happening. And one of the ways to have some kind of defense against the state funded, state sponsored actors is to actually do cyber threat intelligence.
See if anybody has been casing the joint, scanning your network, and see if you have any vulnerabilities out there. So cyber threat intelligence is something I'm gonna really dive into this year, and that's gonna start off with things like ethical hacking, and then I'm gonna get into cyber threat intelligence, cuz you gotta know a little bit about ethical hacking and stuff to actually have a deeper understanding of what threat intelligence is.
And another thing I'm gonna dive into this year, and I've put it off way too long, is cloud computing technology. And this is something I talk about a lot on this channel and it is just getting more and more important. Like it's not going away. It's really become a centerpiece of all of our lives whether you know it or not.
If you watch Netflix, if you use Gmail, if you use Hotmail, whatever you use, like most of these gigantic technologies are using cloud technologies on the back end. So it's just becoming more and more important. And me as a cyber security person, I need to have a deeper understanding of what that is all about.
So those are the things that I'm gonna study this year for 2021, and possibly get certifications in some of these technologies and actually it's become a required couple. Two of those things on that list that I just mentioned to you are, have become a requirement for the job that I work at, that I have to actually get a certification in 'em.
So this is something that I'm definitely gonna do. And I think these, those three things are gonna become more and more important in the next five to 10 years. All right. Let me see if I got anything else. I see a few people watching me. If you guys have any questions, let me know.
I'll give you guys time here. If anybody wants to chime in, I've got a few people who've asked me questions and a few people who've asked me to actually look at their resume. So I'm gonna actually do that. Let me see if I can find a good one to look at here. The first one I'm gonna look at is going to be from the, I changed the names, just so you know, change the names and the addresses and everything on there.
So there's no need to worry about that. I'm gonna look at this resume right here. And what I like to do is I will put my suggestions in there. Sometimes the resumes are so good, I don't really have much to say about it, but it's just like little tweaks and stuff of what I've done on my own personal resume to give them some extra juice, some Google juice on that resume, and my mindset is that I market myself.
And so I encourage anybody, any of my students, anybody who follows me to do the same thing, you gotta market yourself. It's very important in this day and age, there's just so many people. And there's so many competitors out there for you. There's so many other eyeballs on other different resumes that you gotta put yourself.
You gotta set yourself apart by advertising yourself, marketing yourself. Okay. So this is coming from Mike and he's in the DMV area and he is a senior assessment and authorization engineer. Okay. All right. I've never heard that title before, but that's good. Just one suggestion I would make here is, if you're looking for a different job, one of the things that I do is I put a more common name out there.
So this to me sounds like it's and I could be wrong here, but one of the things that he could do is say, he's a security, and I'm gonna read through the resume. This might change. I would suggest I'll just say suggestion is to have the title of this, be a security control assessor. And the reason why I would say that is because the security control assessor is a more common name for this type of work.
But then, this might be something I'm not familiar with, authorization engineer, but it is just not something I've heard people use in my industry. So that's why I would recommend they do this. Now, this is good. They put active top secret clearance. That's excellent.
You definitely wanna put any kind of clearances that you have here, up top, because that's a very marketable thing to have that immediately eliminates 80% of the people who are gonna compete against you. So that's a very good thing to put on a resume. Let me see, I'm gonna read the top part of this qualification profile.
This is pretty good to have, like whenever you're marketing yourself, because places like LinkedIn will have an area where you can put stuff like this, but what I normally do is I take advantage of it by putting as many keywords as possible inside of this profile. You don't want it to just be flowery and sound good.
You want it to hit 'em right in their teeth. You know what I mean? You want to grab their attention immediately with a bunch of keywords. So they said concept to execution focus, systematic profe. I would not put any of this stuff in here. Okay. I'm just gonna suggest some things here.
I'm just gonna suggest some stuff I'm gonna say. Now I'll have to read the, what I'll do is I'll read through the resume. I'll come back and fix this up, but it's just way too flowery for me. Like I would not, if I was reading this, I would just skip right by it cuz I want to know what they can do core competencies.
These are good. But another thing that I do personally is I take this and I put it at the end, any kind of listing stuff like that. I put it at the end.
Cuz it will get picked up by the search engines. That's the reason why I do it. But when I'm reading through it, I want to very quickly know what their education is, cuz that's normally a show stopper, or it gets the show on the road if they know, okay, this guy has a bachelor's degree.
That's one of the requirements. He has a CISM certification. That's one of our requirements. So you wanna very quickly have all the main things up here. Now this dude's actually got a great resume here. He's got some great set of skills. So another thing I do is I would put your top certification right up top, like this CISM, I would say, is this top certification.
I would say I would put it right up here. Not trying to brag or anything, but I am a CISM. And maybe you put the number in there cuz this is gonna be guaranteed a requirement. This certification right here can replace things like CISSP and some other large level high, sorry, large high level security certifications that he has.
And then the CASP is also a really good one. But I think the CISM is a higher level. More people know about the CISM, I should say. Okay. So he's got an ethical hacker certification. That's also a good one. That's another one you might wanna put up here as well.
That's a very marketable certification, a lot of pen testers and hackers really look down upon the C, but I'm telling you it's very marketable cuz the corporations have not gotten the memo, the government and the corporations have not gotten the memo on, on how bad this certification is. So it's very, still very marketable.
Yeah, I would put that on top. Let's see, Security+. Okay. And some other stuff. All right. Let's keep going here. Scott. Cyber security professionals, Maryland. Oh, okay. Affiliation. I'll put this at the bottom. We wanna get to the meat. The meat is the actual experience. So I'm gonna take this, I'm gonna put this at the bottom.
This is a great resume, by the way this is right at this point, all I'm doing is putting my own suggestions in here which he can take it with a grain of salt. Like I, it, this, he could leave it just how it is and it would still be fine cuz he's got so much good stuff in here. The only thing I would highly recommend changing is.
This right here. Cause you want this to have impact. And this to me, expert at administering desktop printers, this is not a good impact. This is not tip in my mind. If I was reading this and I was trying to hire this guy, I'd be like, eh, whatever, next. I'm not trying to be mean or anything, but just keeping it real with you guys so that you guys don't do the same kind of stuff on your resume.
No flowers, just straight facts keywords, stuff like that. Okay. Let's see. So job was at K force to current. All right. Top secret clearance. Let's see a C Splunk. Okay. This is actually really good stuff. Support all activities on as outlined in this 837, 1 37. Okay. All right. Not seeing a lot of impact.
But I'm seeing lots of great keywords, so that's good. Support all outlined in. Okay. Review and analyze A&A, as assessment and authorization. Security controls, NIST overlays, experienced using administration of EAs. Okay. So this guy, it sounds like he's like an ISSO but I'm not really sure, cuz he names himself as a senior assessment authorization engineer.
That sounds like an ISSO. So another suggestion I would make is to possibly use ISSO,
information system security officer. And then I'll just tell 'em here. What I'm trying to get at is, senior assessment and authorization engineer is an uncommon title. That's all I'm trying to say. So if you're gonna put a title up here, it should be a title that people know about.
And that also fuels your Google juice, your keywords. And the reason why I emphasize on my courses and whenever I do these resume suggestions, these are my suggestions. I'm sure other people have way better ideas than me, but these are just my suggestions.
The reason why I focus so much on keywords is because that's really what a lot of employers and technical recruiters use, keywords. Technical recruiters and the HR department who's looking for jobs and stuff, typically they're not a technical person in your field. Every now and then an organization has the resources to cut some technical guys loose and say, hey, go look through all these resumes and screen some people and have 'em come in.
But typically what happens is your resources is your guys on the ground. You need them to actually do work. You don't want them to go looking through a hundred resumes. You want them to be working on cloud stuff. You want them to be analyzing data. You want them to be doing their job.
You're gonna have. So that's why, what organizations do is they have people who are not, low level workers is not the right term, but HR, a screener from a whole third party organization, a third party company. They say, okay, look, here's our requirements. Please look through these hundreds and hundreds of different resumes and see if you can find us some good picks, just we gotta make sure that they have us and CSM.
They have to be an information system security officer, and see, the thing is when they say we want a system security officer, they're not gonna know what a senior assessment and authorization engineer is. Does that make sense? So you wanna use the same language that people are using, if everybody is using cyber security.
The thing is I've been through a few iterations of this. So first iteration, when I went into security, everybody called it information assurance, like if you were doing risk management framework, if you were doing certification and accreditation, that's what they called it. We were called either certification and accreditation engineers, or we were called information assurance officers, or we were called like this, it's just an odd, that was like information AUR.
What is that? What they meant was security. You're security guy who does paperwork essentially you're a compliance guy that would make more sense, but then it evolved from information assurance to what did they start calling it? It was information system security, then information assurance, and then they start calling cyber sec, cyber security engineer information.
Change. And now the DoD, I think they are calling it like cyber surety or something like that. I don't, they keep changing the terminology, but you wanna keep up with the terminology people are using in this industry. So that way what words to use for those HR guys or those screeners who are who's, who are looking for all these resumes.
And they're looking for that one keyword, they don't know what an information system security officer is. All they know is that the employer said, Hey, we want an information system. And if so make sure that's you get this person. And so you gotta use those keywords. Okay. I'm gonna get off my get off my soapbox here and I'm gonna continue going through some of these.
Yeah. Tony, I see your message here. Let me just finish this. Getting through this resume. This resume does not look bad by the way. I've seen some really bad resumes. If you've been watching these for a while. I've been through a couple who were, that were really bad. This one's actually pretty good.
It's got great keywords. My only main suggestion would be, I'd be really surprised if this doesn't get tons of offers. My only change would be to change this whole, this right here. This is just this just too much fluff. Just get to the what. Okay. Let me just give you an example of what I would write here.
What I would do is I would say something like, cuz this guy has so much awesome skills. Let me just read through what he's done before. Let me see. And now analyze vulnerability data, multiple sources using ACAS and Splunk. Okay. Here's what I would do.
I don't know how many years of experience this person has, but I would start off with my years of experience. I would say it looks like he has years of experience. Look as a security analyst. Good Lord. Jesus. Why? What are you doing here? What I would I'm sorry guys. I'm just, I'm a little frustrated.
Okay. I would say X years of cyber security analyst work using tools such as Splunk, Nessus. I don't know how to spell Nessus, so he is gonna do a spell check. Nessus.
He said ACAS, that's Nessus you wanna use. Nessus, that's a real good tool to have. And let's see, EMA wait and a grasp of
No, not grasp, but we wanna emphasize how much skills this guy has. Cybersecurity analyst work using tools such as eight years of experience or whatever years, experience analyst work, using tools such as Splunk S with, okay. And okay, here we go. We'll say, and Nessus with a with solid experience.
Implementing
Risk management framework.
And we want to get that keyword in there. RMF, I'm gonna say NIST 800, also key phrases with solid. Okay. Yeah. See, I would start off. I wanted someone hit 'em right in their mouth. I don't want them when they see my resume. They're gonna stop reading all other resumes when I'm done. That's your goal.
You want them to stop on your resume and not read another resume? Okay. He, this dude got so much experience, like why is he saying all this fluff? That doesn't, oh my God. Okay. So yeah, I would just hit him right in their mouth. Like I, okay. Then he wants to say. Have, I have an active security clearance. Now you might be thinking, Bruce, why are you saying clearance over?
He says it here already because we're using a different keyword. So up here, he said, active top secret clearance right here. We're saying active security clearance. It's a, there's a difference. And we gotta spell it by the way, there's a difference because it's a different key word. So somebody's looking for security clearance and they want you to have a they want you to have a security, a secret clearance instead of top secret clearance.
They'll still see that you have a clearance period. They'll go, they'll be looking for a secret clearance. And they find a guy with an active top secret clearance. You know what I mean? So we wanna make the net as broad as possible. This dude's got so much incredible experience. That there's a lot to choose from here.
I would put something like this in here. Okay. Okay. Watch this. So we wanna put more about his in information security officer experience. So we wanna put ISSO with years of experience.
See how I can't spell. See, it's very important to do a spell check. All right. Experience. ISSO with years of experience getting authorization to operate and with, for, and for multiple information systems.
So I got a bunch of keywords in here. I got cybersecurity analyst. That's a keyword, key phrase. We got Splunk. We got Nessus, we've got risk management framework. We've got NIST 800. We've got ATO, we just want to hit all the buttons. We don't want fluff. We don't. Oh, bilingual. This is a good one too.
This is really good. And oh, by the way, I'm bilingual. Yeah. Super powerful. Bilingual opens up a ton more jobs for you. If more than one language, any language it's gonna open up other jobs for you. So that's just something that to keep in mind. All right. So that's it with that one. I I hope that that's helpful to, whoever's watching this the idea behind this is to get yourself in line with the market.
that's the whole thing. And you need to do that. You need to tell people who you are. You gotta show people, Hey, here I am. That's what marketing is all about. So you wanna market yourself. That's the whole, that's my whole thought process. Okay. Tony says, Hey bro, I have about seven years of compliance experience and I'm bored to say the least
I want to move into security engineering and architect roles. How do do you suggest I proceed? Wow. Tony that's I had the same experience. Like I, I had been doing it for I don't know, 12 years or something, and I just got so bored with it. It wasn't a challenge anymore for me, and I know that sounds ridiculous if you're getting paid and you're, you got a secure job, but you need some kind of a stimulation. I got into it cuz I love technology, and so I was doing this for like years and years compliance and I found myself losing my technical cuz I had technical skills and I started losing that because all I was doing was compliance stuff.
So I know how you feel. So what I did was I I just jumped off a cliff man. Like I, and I don't recommend this to anybody, but this is what I did. I took a job doing something that I was really excited about. I was looking for another position I was in between jobs and I was looking for another position and somebody off had a job overseas.
to do. They actually, it was risk management framework. I applied for that and I applied for another position they had for a system security analyst. I applied for the system security analyst and I didn't I of read about it. And it was talking about using SIEMs and talked about using tools like.
McAfee ePO and IDSs and IPS. And I was excited. I'm like, oh man, this is so cool. I've never even, some of the stuff I never even touched before. So I was really wanting to get into it. So what I did was I applied for that job, as well as the risk management frame, I was fully expecting them to look at my resume for risk management and be like, okay, this is our risk management guy.
They didn't do that. They chose me for cyber security. They looked at all of my old technical skills and they were like, okay, this guy right here we really need somebody to do this work for cyber security analyst work. And they picked me up and they picked me up as a, like a junior cybersecurity analyst where I was learning I wasn't like the guy, the main guy on the floor.
Doing everything. I was like, one of the people like learning different technologies and actually staring at a monitor, looking at the data, coming in, out of a network and analyzing, they taught me ArcSight. They taught me, which is a SIEM kind of like Splunk, a little bit of Splunk. They taught us all these different tools, man.
I had a blast, I learned so much stuff, but I had to learn, like I was like, I was fresh outta college. Had to swallow my pride and I had to take, which I have no problem with, but I know that some older guys, especially if you've been in IT for cyber security or IT for a while, some of us, we've seen war zones and stuff, so it's like, why is this kid telling me what to do? But I didn't feel that way. I was like a kid. I was like a little kid learning, like a wide-eyed little kid, oh yeah. Really getting into it and, and then my work ethic kicked in and I learned everything. I could, I absorbed as much information like a sponge.
And so I would, so that's what what you could do. You don't have to go to another country or anything. Like I did jump off a cliff or anything, but what you could do is just apply for a junior level security engineering and architect role to get your beak wet to get started but keep in mind, if you have seven years experience you can't come in the door with the chip on your shoulder oh yeah.
I already know that I've done it for 15 years and throw your weight around or no, you gotta be like a little kid, and that's what I love about it is that I'm learning so many things like you can like right now, if somebody, if I went to a firewall role, even though I've touched them before I know how they work and stuff, I don't know how to configure a fire.
I can't do that from scratch. Somebody would have to sit down and teach. Like from, they'd have to teach me from the ground up. Now I'd learn very quickly cuz I have all this experience and all these other tools and stuff, but you I'd have to be open minded and learn what they're teaching me and not come in there.
Like I know everything and not knowing I have to come in there, like I'm an intern fresh outta college and I'm willing to learn from this Pierce person. Who's more than likely younger than me, so yeah, that's what I would do, Tony. I know how you feel. I felt the same thing many years ago, that path right there for the in terms of my career was a great move because now I have so many other doors and opportunities that have opened up over the years. And because I have this plethora of different experience that I can pick from I'm now a consultant. Like I can consult on all these different things.
I've touched so many different technologies before, and I don't have to actually be an expert on each one, but I know the concept so well that I'm able to say, okay, I know how this works with this. And I can look at data and say, okay, this is what I'm seeing here but yeah what I would do if I was you Tony, and actually that's what I did in the past.
And I know how you feel. All right. I got some other questions here that some folks have contacted me about and I'm gonna answer them. So let me show you guys what I'm seeing here. Let me show you what I am seeing all. So I've got a question. From my man. So Solomon H and he says I received a contingent offer for wait wait for security control assessor position.
And I'm proc I'm in the process of getting my clearance. I don't have a background in risk management framework or any cyber security compliance. What advice can you give me? I'm relatively new in cyber security and only have one to two years experience as a system administrator. I know that my job will focus on security and privacy controls.
As I look over the, as I look over the NIST 800-53 documentation. I've enrolled in your course. And so I can better understand an overview of how risk management framework works. Is there anything else that you can help me with or give me any kind of guidance? Yeah, actually I really can help with this.
I would say that if you happen to be watching this, Solomon, as a system administrator, if you guys out there are system administrators, you should know. And especially if you're trying to go into cyber security, you should know that actually you have many years of security experience.
So if you have set up a server before and had to put the patches on that server, that security experience, if you've ever had to do some documentation on the system that you set up where you had to draw out a diagram, put that together and shop that around to the rest of the. The guys on on the staff you've, that's cyber security.
That's a little taste of all of these different things are taste of cyber security. If you've ever had to help the compliance guys out and those guys that contact you and say, Hey, could you give me, could you give me a blurb or some documentation about what this security feature of the system is?
Guess what that's, you've actually assisted with cyber security compliance. If you've ever put a secured software on the system, you put the software on there and then you had to update it. That's also cyber security, cuz you're updating the patches that could have been exploited by a threat actor. So if you've ever put signatures on a system for anti-virus, that's also cyber security. If you've ever hardened a system, like where, okay. Let's say that the, there is a password protection on there, but it doesn't have upper and lowercase and it doesn't have, it doesn't have password complexity, but you had to go on the back end of the server and ensure that the whole organization is enforcing password complexity or enforcing multifactor authentication or enforcing audit logs to be enabled for anybody who's failed, a failed login attempts or anything.
All of those things. If you are a system, administrator are things that you could put on your, you should put on your resume as a cyber security person, cuz you have done cyber security. In fact, you have, I would argue you have done more cyber security than some. Have quote or quote unquote in cybersecurity who have not done any technical stuff.
And all they do is policy. You've done more than them because you're go, you're now be able to go deep in policy and deep in technical, the technical side, your skills are very much needed in this field. Now you said that you're going into security control assessments. So this is security control assessors from my interactions with them and having done this myself.
We, the, you need a team of people who can assess different aspects of an organization. Systems. What I mean by that is you're not just looking at documentation. You're not just looking at their security policy and saying, okay, looks like you've got you've guys have a policy in place, and it's been updated on this and that date.
You're not just doing that. You're also ensuring that the organization is complying with their own security policies. And that means that you have to run things, do things like run scans, so you might have to polish up on your ability to run a Nessus scan or a, I don't know, name, a name, a scanner.
And you might have to know a little bit more about that, but I'm sure you'll pick that up pretty fast being a system administrator. So that's one thing. Yeah, learning the NIST 800-37 I would say is another place to look. But if you're taking my course that's gonna walk, that's gonna really touch on what you need to know for NIST 800-53 and NIST 800-37.
It's gonna really touch on those things. And there's perspective of an information system, security officer. That course is actually really good for for se, especially if you're new to that work. Yeah, I hope that helps. That's a little bit of guidance for you if you're taking the course.
If you happen to see this video, Solomon, any questions you have whatsoever, I actually am currently doing assessments for different organizations, so I can help you out with that. Okay. I've got another question here. And somebody said, oh wait. Spade says, do you offer any mentoring opportunities?
Can you remind us of how we could work with you concerning career guidance and resumes if possible. Yes. So Spades, I get this question like weekly now. I do not do mentoring because I have a full time job and I really enjoy what I'm doing with teaching online, or I really am getting into it.
I'm starting to meet other people. I'm learning stuff from other instructors. I'm really excited about it. So I wanna spend my time doing that. But what I can do if you're interested is I've got a bunch of courses. Let me just show you what I'm talking about here. I've got a bunch of courses that you can sign up for.
Some of this stuff is actually free. So what I do is I put out a course and I give a portion. a portion of it free, and some are just completely free. Some from scratch. If you're learning this from the beginning and you want to get into cyber security, then this is a free course for you to shows you what to actually focus on.
It's six hours long, by the way. It's not, it didn't start off free but I felt like it's time to help more people out that really need it to get into this market. I've got something on resume marketing, like how I have been able to have a job since I got outta the military. I've got so many opportunities all the time because of this method that I use, some of which I teach for free on YouTube, by the way, some of the stuff I tell you guys is in this course, but it's a breakdown.
Let me just show you how extensive this is, this many hours of content and shows you, and you can use it as a reference. You don't have to go through line by line on all this stuff, but shows you what I do to. Have so much success in my career and continuously have offers from all different kinds of organizations and different industries related to cybersecurity.
And then I've got a walkthrough of the risk management framework process from the perspective of an information system, security officer. I've got a deeper dive into that, of how to actually do the documentation piece and downloadable templates that you can use. And I'm sharing essentially my experience in this field so that you're not lost and you know where to go and how to upgrade yourself and how to make more income.
Let's keep it real. This is about taking care of your family and taking care of your being, having some stability, financial stability. I'm talking about how I've been able to secure my life and my family using this career field. So that's what I'm talking about in there. And tons of it's free.
So you should, at least you should sign up. Check out the free stuff. If you like it. Now, if you do sign up, I do answer any of your questions. You, I'm gonna set up communities there. There's lots more to come in 2021, 2022, 2023, plan to be around for a long time and offering as much help as possible for people.
My wife's calling me. Sorry, let me just turn that off real quick. Okay. So yeah. So yeah, I do not do mentoring just yet. Maybe I have a full time job. I love my job. I love, I know that's a weird thing to say, but I'm really having fun, like learning different things. And my, when I'm at work, I'm like really at work I don't have time to do anything else.
I'm really doing stuff. And I'm doing, I'm just learning so much. I do have a discord channel if you have, if. Anytime you want to question have que, especially if you happen to be a member of the site, if you happen to be a paying member of the site, I'm gonna go outta my way to help you out in, in very deep ways stuff that I, we wouldn't be able to share on here, obviously if it's more personal or if it's more related to specific things at your job, then of course I'm not gonna make a video about that.
So that's the kind of stuff that I do offer, and those are things that I can do on the weekends, like when I'm off work and things like that, and there might be a time when I'm on lunch or something, or just after work or whatever, I'm on, I'm off that day and I can call and we can have a I've talked to my students before on the phone, like we're just back and forth talking about stuff that's tailored to their life.
But as far as mentoring on a regular basis, I would take it extremely seriously. And I just, I'm not ready. I don't have the time and the day to, to dedicate to that. To that. So yeah, so that's where we're at with that. Let me see thank you guys for watching. Appreciate everybody. I got another question that someone asked me.
They said, let me switch this screen here so you can see what I'm seeing. They said, hello, Bruce. I'm interested in becoming an information system security officer and was interested in your course and what guidance you can provide on what courses on your site I should start with. I was using Darril Gibson, but I think he's a real popular Security+ trainer, but I know the 501 expires on July 21st, 2021.
What books should I get for the risk management framework for the CAP? Okay. So first of all, I am developing a CAP course. But that's not gonna be out for a while. Now, if you wanna know what book that I would use right now for the CAP course, I can share that with you. I'm gonna bring that up real quick.
The one that I think is a really good one, it's not cheap. And it's so expensive. I wanna apologize for how expensive it is. But there's no real op-, alternatives to this book that I've seen. There's, there's just not a lot on the CAP and that's why a lot of people follow me, cuz there's, that's not a lot of people talking about risk management framework.
And this is one of the few books that are out there that I think are worth your time. I have this book and it's, and I'm reading through it and it's really good. As far as taking the CAP, it's really good. I don't believe it's super practical. But I think it's a good book for the actual test.
When I say practical, there's a difference between if you're an IT guy, this, there's a difference between actually taking the test. There's a difference between taking the test and doing the work. And they're just two separate things. So that book right there is really good for the official guide to the CAP.
Common body of knowledge is a good book for taking the test. Cuz they're hitting all the objectives line by line, they're hitting objectives. So that's what you want in a good certification book. Objectives, if you didn't know, typically. What certifications I used to teach certifications. So what certifications do is they have different domains, right?
Each domain has a different category, a broad category, like for example, CISSP has, I don't know, seven categories. I don't know if this changed. I took it a long time ago, so I apologize for my ignorance in advance. Yeah. And I'm a CISSP, but the, it has say crypto, crypto, cryptography domain.
And it has another one that's related to security compliance. Let's just use those as examples. So the cryptography one is gonna have different objectives that it's gonna hit. Like it's gonna have different things that they expect you to know. And those objectives will be different.
From the security compliance domain, which will have its own objectives that go deeper into the details of the concepts behind that domain. And when you take the test, what they do is they stick to those objectives. So if you know the objectives very well, you should be able to pass the test. And if you don't pass the test, you should be able to take it the second time and pass it.
So yeah, that's a good book. And and what was your other question part of your question? That's the book that I would recommend for the cap, and then you said, was interested in your course and guidance. Okay. So for the course, for my course, I would recommend if you're trying to get, become an ISSO, the book is not gonna be enough to become an ISSO.
And this is the reason why I did, I started doing this online stuff is because. Nobody's really teaching this. It's just, I guess if you pay 3000 to somebody come out to your job and actually show you that way. Yeah. But no, there's just not a lot of courses that tell you, give your practical guidance on this stuff.
If you are going into it for the first time, I would highly recommend risk management framework, information, security officer foundations, which tells you what you need to know. For the course. Not for cap, it's not focused on cap, but for the actual work for ISSO work. So if you want a free preview to see if this is worth your time, worth your money, then just go ahead and log in.
And this first part is free. So there you go. And then there's just lots and lots of stuff on each one of the categories of the risk management framework process. So yeah, it's good for somebody who's just starting out who wants to learn this for the first time and maybe you're an IT person, but you're trying to get into risk management, but you are like, man, this, I'm reading through the NIST 800-37.
It just doesn't make any sense. I'm speaking to you in plain English and translating. By the time you're done with the course, when you read through 800-53, when you read through risk management framework, 800-37, you're gonna understand what they're saying. They just use a certain language that is just very cumbersome.
I, myself, after years of this have to reread, sometimes I gotta read it over and over again. Cuz the language is not, they're not using every day speak like we're talking right now. It's just, they use all this different, these different words that you don't normally see. And so you're having to reread it.
yeah. Okay. Answered those two questions and I got a few people talking to me. Let me see, let me read a few of those and somebody's messaging me. Let me just make sure that this is not something important real quick. Okay. All right. So it looks like I'm gonna have to end this session pretty soon. I got a honey do list to attend to.
Okay. I'm gonna read through these as fast as I can. As fast as my dyslexic brain can allow me to process this information. okay. Says spade says I'm maybe five months into my first industry position as a tier one. Oh yeah. Tier one security operation center analyst. I guess I'm not exactly entry level, but I'm looking to make more, some more money.
Yeah, I would. So one of the things that I did, looking for a junior security analyst role. Oh, okay. So one of the things that I did that immediately made me more valuable and is there's certain certifications. Now, one of my courses actually talks about this, but I can mention a couple right now, the certain certifications that lend themselves to making more money, like just off the top of my head, a CISSP certification.
And then there's certain skills, certain skills. Actually let me name a couple other certifications, any kind of professional level certification is going to get you more money. CISSP, the CASP, CISM, CISA, CCNP. Those are our professional level certifications, entry level security certifications would be like Security+ and there's a few other ones, but okay, so those are certifications.
And then for skills, if you're in a SOC that would be SIEM, if Splunk, if ArcSight's not as hot anymore, but Splunk is super hot. If some of the IDSs and IPSs, if you're deep in the firewalls, if you can configure them, hot, if you're, Palo Alto's a hot one.
But if you're, it's security analyst works. So you're looking at more stuff. That's looking at logs. McAfee products, Nessus is a good one. But the top ones right now, is still on fire, would be Splunk. Yeah, Splunk. And then another hot one, like it's getting more hot, I would say, would be cyber security.
Cyber security, threat intelligence stuff is getting pretty hot. Cloud computing. If you know that one, like more and more organizations are using it. So they need people who know some of the vulnerabilities of cloud technology. What kind of gotchas that organizations fall into is another good thing to know.
So those skill sets are immediately get you in another bracket of pay. I have to warn you though. Once you get to another bracket of pay, you gotta deal with the IRS, but that's a whole nother conversation. Okay. JJ says I got hit up for a cyber security risk management framework engineer, long term remote W2 contract position.
I have no experience with the risk management framework. I'm guessing I got hit up because of my cyber security experience, clearance tips, and tricks. Do I have any tips and tricks for this? You okay. Do you said I have no risk management framework. Okay. So if you ha don't have any experience in it yeah, that's gonna be, I if you want the job I would talk to 'em about taking you on as a, as somebody who's learning it.
Just be honest with them and say, no, I don't have experience with this, but I do have risk, I do have cybersecurity knowledge and I have read through the risk management framework, 800-53, I've read through 800-37. I'm familiar with it. I've worked with compliance officers before, I've worked with information system security officers before, I've worked with security assessors before, whichever one of those is true for you.
If none of 'em are true, of course don't say that, but, if you, so the thing is if you have experience from cyber security, you have an advantage in that the basic concept of security, which is to protect the CIA, protect the confidentiality, integrity, and availability. You can just tell them you have a very strong foundation, explain to them that you have a very strong foundation in your respective cyber security role, and then build from there.
So if you have a solid skill set in cyber security, even if you're a system administrator, just what you need to do is dig into your archives of all the times you've done. Implementation of security features on a system. I guarantee you have a solid set of skills, right? So with those skills, you wanna tell them, Hey, I know how to secure systems.
I know what to look for. And by the way, I know the risk management framework process. I've not done it before, but I know it. Now, if you don't know it, go learn it. I have a course that you can go through, check that out, that you can add, to be honest with you, you can probably just Google it and read through the risk management framework, 800-37.
I would highly recommend my course because I'm telling you exactly what you're gonna see and what they're gonna say to you and what they're expecting. And I'd be willing to help you out. So just keep those kind of things in mind, tips and tricks. Number one. Build on what you already know as a cyber security person confidentiality, integrity, availability, you've secured systems of before, more than likely you've worked with assessors and auditors before, more than likely you've worked with compliance people before you've done documentation before you wanna highlight all of those skills that you already have, and then tell 'em Hey, another tip is to learn the risk management framework process.
Learn it by my course. Go ahead and learn, read through it. Watch all the videos. You'll get a solid understanding of what the foundations of risk management framework are. Okay. I'm gonna move on to the next thing. I'm paid member at the first as a first timer. How do I get a job? Because most of the jobs are looking for five years of experience.
So one of the things that I would highly recommend Cobi is to look for entry level positions. Okay. Entry level positions, you gotta start somewhere and that start is entry level. Okay. So let me just show you what I mean by that. It's very simple. If you go, if you could follow along with me, if you want, go to indeed.com. This is just one site, by the way, I use this one all the time, cuz it's just so vanilla.
It's so vanilla and so easy to understand and so straightforward that I feel like it's a really good teaching tool. Okay. So first off here I am in Indeed, indeed.com. You're gonna follow along with me. Okay. Put your location wherever you're from, wherever you're from. Put that in there. Next thing, there's a couple things you can do here.
You can put ISSO there's a ton of key words you can use for this job. ISSO entry level,
none in this area. Okay. Let me search somewhere all over the United States. Wow. It's just really going to town here. All right. So look at this information system, security officer work, most of the jobs, if you happen to be on the east coast, you should know that you guys have all the jobs you guys have 70% of all the risk management framework jobs.
I'm not even messing around with you, but yeah. So you notice how all of these are Virginia. You can find a job, especially if you have a clearance. There's a couple of things that you have. You may have an advantage. If you happen to live on the east coast, you have an advantage. If you happen to have a security clearance, watch this.
If I put security clearance, if you have a security clearance, you have an advantage. Cause sometimes they're looking for a person with a security clearance and they're they just get desperate, cuz there's just not that many people who have it. So they'll actually pull you in and teach you if you have this.
Now, if you don't have a security clearance, another thing is you got, you could be eligible for a security clearance. Eligible means you are a US citizen. BLE. I cannot spell what the damn eligible. My first and only language and I can't spell eligible. Yeah. Now all I did was type in eligible and they, it immediately knows I'm looking for eligible active.
Oh wait, no, I'm looking for eligible. Security eligible for security clearance is what I'm looking for, but it's coming up with active duty okay. But a bunch of, so stuff came up eligible security clearance is what I'm looking for. Eligible security officer. Now these are physical security roles.
Okay. Here we go. Principal means like you're a boss, so you don't want that. Information security specialists in an airport. That's physical security. Okay. This is mixing a bunch of stuff up here. Eligible security clearance.
Yeah, here we go. So if you're eligible for security clearance, this is another thing that's gonna make it so that you have a better chance of getting a job. The best thing you can have, of course, I'm not even gonna, I'm not gonna BS you, is experience. There's no replacement for it, but how do you get experience if you don't have it?
So you gotta go to entry level positions. Now, if you have zero, if you have no IT experience, that is different. If you have some, listen, let me just be very frank with you. If you have some IT experience, meaning you are a system administrator, you worked on databases, you worked on cryptography, you worked on, you have some IT experience.
You worked on workstations, whatever, you have a very good chance of getting into risk management framework. Okay. You have a very good chance. If you have zero IT experience, meaning you've never held a role at a company or a university or a private or a government or anywhere, that is different.
That is different. And the reason why is because risk management framework and security is typically not entry level. It's not like literally walking the door and start flipping burgers. Okay. That's not that this is not that kind of a job. there's too much stuff at stake. There's too much trust that's involved.
There's just, you're gonna be trusted with other people's information and assets. You're gonna be entrusted to know the secrets of that organization where the vulnerabilities are. You're gonna know where they are. They have to trust you. So for that, they need a professional who has something to lose.
All right. That's why cyber security is typically not an entry level position. I'm sure somebody out there right now is watching this saying, Bruce, what are you talking about? I'm an entry level. I'm walking off the street and I'm a cyber security person. Okay. That's fine. But I'm just telling you typically, it's not something you walk off the street and you can do this.
That's don't lose hope. Okay. If you don't have it experience, if you don't, if you've never done any of this stuff before, there's a couple things you can do. People contact me all the time and what the last time I did a couple weeks ago, somebody an educator contacted me and she said, Hey, Bruce I really wanna get into it.
I want to be getting a risk management framework. I like what you're saying. It sounds cool to me. I wanna do it. She's an educator. She had a master's degree in education. She has very little or no it skills. And I said, Hey, you might wanna consider becoming a program manager, okay. Program managers work with it.
They, and in some cases they have to know our, they gotta know what we're talking about. They have to know some of our jargon. They don't have to know how to configure a server. They don't have, they don't have to know how to stand up a Linux box. They don't have to know how to reduce threats on a. on a weapon system, they don't have to do all that, but what they do have to do is they have to have a certain level of maturity to manage a project and they have to have a certain level of technical know how with things like office so those are some of the things that you would, what I would suggest if you were trying to get in a high paying, very high, skilled, high paying job in it.
One of the things you can do is get a parallel job, which is a project manager position. It pays six figures by the way. Okay. It's not a joke. It's no joke. Program management is no joke. You can actually, even without an it experience, you can get in there and you can make upwards of six figures.
Look it up. Look it up. It's a damn good job. So yeah, number one, if you don't have any it experience at all, you gotta get it experience. You got, you have to, whether you're volunteering at your church, volunteering at your job. If let's say you're a system administrator you're a non system administrator.
You're HR, you're in the HR department, right? You work with people's W-2s and stuff. You wanna get in IT, but you don't know what to do. You don't wanna do a program management work. You don't wanna do that. You wanna do IT. Okay. Then you gotta start from the bottom. Imagine somebody walking in your job in your profession, off the streets, not knowing anything and wanting the keys to the castle.
Okay. With cyber security, that's what we're talking about. You gotta, if you have no experience, you gotta get it. That means you gotta become, go to help desk. Entry level position is what I would suggest if you have zero IT experience, but you wanna get technical. Yes. Go into, try entry level positions, volunteer, do it for free.
Cause that work that you're gonna put in for free fixing somebody's laptops at some corporation is not indentured servitude. It's. That you're building up experience. It's experience. You're slowly building up and putting on your resume, building up experience, putting it on your resume. Then that'll allow you to level up to another job, a higher level it job.
You do that by the way, while you're working on your security. Plus, while you're working on your a plus certification, a entry level position with an entry level certification, then once you have those things, now we're talking about months and years worth of work. This is hard work. This is not something you walk off the street and then suddenly you do it.
People are gonna entrust think, imagine your bank. Okay. LIS if you don't think it's fair, just imagine your bank, whatever, wherever you bank in the back, they have a security person who D who a cybersecurity person who has no experience, but they know where all the SU they know where all the vulnerabilities of the bank are.
They know. Where the threats, they don't even know what threats are. They don't know what threats are, but they know there's vulnerabilities. They ran the scan. Do you want that person at your bank as a cyber security person who doesn't know what they're doing, who has no experience with it? No, you don't.
So I, when you're talking about cyber security, you're talking about somebody who's entrusted with the keys to the castle. They have to have something at stake. And that means you have to put in the work as an it for me to you. If you're an it professional, if you are trying to get cyber security, like we ha we are entrusted with something, with a lot of information so you have to have something, you have to have some skin in the game.
That means time. That means you, you invested your own time and money to get to the skill set and the skill level that you're at. And you're not willing to risk it by making a mistake or doing something stupid. And I everybody makes mistakes, but. As you get to learn how to troubleshoot as you get to learn how these systems work, how to do backups you begin to learn how to manage your own risk for your own profession.
You manage the risk to yourself and ran, manage the risk to your organization and the risk to the organization's information. I hope that makes sense to everybody out there listening. Let me see. And I'm gonna, I gotta do a couple guys. I gotta get going here. I apologize for cutting this one short, but let me see.
Can you get an ISSO job with a green card as a green card holder? That is a good question. Yes, you, you can. However, maybe not an, it's gonna be harder to get an ISSO job. Okay. But let me show you, let me show you my screen here. Let me show you how you can get a compliance job, a security compliance job with a green card.
So there are security, cybersecurity jobs that have a public trust clearance. It's a type of clearance, public trust clearance. It's a type of clearance that doesn't require you to be a US citizen. If I'm not mistaken. Yeah, let me see, let me try this one here. And usually they'll say, Hey, you must be a US citizen.
They'll tell you right on there. This one might not be, and it's not giving me that information. So this is a public trust. I think. but it's not okay. How about this? Let's do this. Let's just be straightforward here. Let's just say, watch this cyber security green card. They usually put GC as a green card, by the way.
Let's see cloud strike. Let's look at this one. It will say in here. Yep. There you go. Right there. See this, that's the keyword right there. See, it says green card for clearance, US citizen or green card for clearance. There you go. That's what you wanna look for when you're looking for positions. Now, do they do this for ISSOs?
Let's see, let's just type in ISSO. I don't, I've not seen a lot of green card holders be ISSOs, but I could be wrong. Senior chemist, see that. See, ISSOs are usually working for a high level government agency and they require that you be a US citizen. So that's why, I just don't, off the top of my head, I don't know of any ISSOs, but I know that there's, actually, I take that back.
So there's some corporations there's some corporations who do ISSO work and they will hire a green card holder. But what I would do if I were you, is I would just
senior associate cyber risk.
See, I'm currently working in an organization that we have people from all over the world working with us. So I know for sure you can do cyber security, cyber risk in the US without being a US citizen. I know several people who work on our team who are in that exact position, but are they ISSOs? We're not doing those kinds of, we're not doing DoD type stuff.
So let me see here. I'm looking for, did I just pass it? Yeah, it's in here, must be a US citizen or green card holder. And most of these are gonna be, must be a US citizen, or green card holder jobs. Yeah. We couldn't find an ISSO position that's green card, but you can find. All right, guys. I have to go.
I gotta get going here. Thank you so much for watching me. If you have any other questions, if you look in the description below, there'll be a place where you can actually join me all times of the day on holidays and weekends and stuff on discord, you have any kind of questions. I'll answer. 'em when I can also you can always email me.
It's, cyberware 2020 gmail.com and we can talk about any kind, and I'll actually make a video sometimes about people ask me really great questions that I think could help many people. And you'd be surprised sometimes people ask me a question, but several other people ask me that exact same question.
So I know it's something that is relevant and I know it's something that needs to be addressed. So then I'll just go ahead and make a whole video about it. All right, guys. Thank you for all your questions. Thanks a lot. Copy. If I didn't answer your question, please answer, ask me on discord in the linked description below spades.
Thank you so much for that. I hope that's how you pronounce your name. Marcus, thank you for your comments. I did not get to your comments, but let, what I'll do is I will copy this and use this for another time. Another video. Thank you guys so much for watching. Join me on discord. If you have any, if you have a pressing question and we will talk.
Tuesday Sep 06, 2022
Sunday Sep 04, 2022
http://convocourses.com
check out the video: https://youtu.be/TGrw5yT6sSY
Hey guys, this is Bruce and welcome to Convo Courses podcast. And today we're gonna be talking about a few things. One of the things I wanna talk to you guys about is process versus prize or system over goals. And this really applies to everything in life, but we're gonna specifically talk about cyber security.
Another thing I'm gonna show you is a new book I'm working on. It's not, it's gonna be out, I don't know, probably within the next month and a half. I gotta get it edited and all that kind of stuff. I'm actually still writing it, but it's gonna come out soon. So that's something we're gonna talk about, then I'm gonna open it up to any kind of questions you have about getting into this space in cyber security.
And in the it, I got a lot of people contacting me about how to get in this field. That's growing really fast or how to upgrade themselves and all that kind of stuff. I've been doing this for over 20 years. I'm a subject matter expert specifically in cyber security compliance. That's, what I've been doing for most of this time that I've been in this space.
And so if you have any questions about that, how to get in it, how to, what to do, like specific questions even, I can answer 'em on this live. All right. Let's get into this. First of all, I want to tell you guys that I have a site called convocourses.com where I sell lots of stuff. A bunch of courses, also books, and a ton of stuff for free.
If you are interested. So if you're interested in that, go check out convocourses.com. Like I said, lots of free stuff. It's free to sign up, lots of training downloadables if you happen to be in this space. I'm constantly giving out free stuff. I'm trying to build a community. And that's why, if you have a question why I'm giving out anything for free, that's the reason why, cuz I'm building a community. I'm thinking bigger.
I'm thinking about making a community that helps itself, and I built one of these before in a whole different genre. And it works really well. So that's what I'm doing. If you're interested in joining that community, join me on YouTube. Join me on Discord. Join me on TikTok. Join me everywhere.
Convo Courses, just type in Convo Courses. You'll find us out there where we have a growing community of people that's coming together to learn this, to level up together, to get more, to make that money really. That's what it comes down to, to take care of our families and take care of ourselves.
Okay. So what I'm gonna talk to you today about the first topic of discussion will be about will be about process versus the prize. A lot of people contact me about trying to get to certifications or degrees and which ones should they get and all that kind of stuff. and it's really the wrong question and I don't fault anybody for it.
Because I was, I had the same kind of questions when I first started. You should be focused more on the process and this, really goes on everything in life. Your focus should be not on the prize, not on how many likes you get, not on how many people are watching you, not on how many people or how many degrees you're gonna get or, courses or any one thing.
It should be on the process itself. And we're gonna specifically talk about cyber security, cuz that's my profession, but this really applies to anything in life. Let me specify what I mean by using this as an example. Lately people have been asking me about the A+ CompTIA certification and how do you get it?
Where do you get it from? How do you know all this kind of, what kind of job can you get if you actually do that, all those kinds of questions. And there's nothing wrong going for that certification or any other certifications. Absolutely nothing wrong with that. And I would encourage you to get it if this is your first time getting into cyber security, into IT in general. It's a good thing to get.
But what I wanna say is that the most important thing that you should focus on is the process of learning this, the common body of knowledge that goes into it. And the reason why I say that is because if you focus on the common body of knowledge, if you focus on actually learning what you have to do to get that certification, to get that IT certification.
If you focus on that, you'll have all the knowledge that you need to go ahead and take the Google support IT certification. You'll have the knowledge that you need to actually go ahead and take the Network+ certification. You'll have all the knowledge you need to actually spend your whole, your whole resume.
If you actually learn the stuff that's in the CompTIA A+ certification, right? It's just one thing. If you focus, if you focus on just that thing, just that one prize, you'll get that prize, and there's nothing wrong with that, but I'm telling you to focus on the whole orchard. I'm telling you to focus on the seeds.
That's gonna get you like not just one certification, not just a little bit of experience, but expand your whole horizon and get you way more knowledge, way more certification, way more experiences and, actually get more from the fruits of your labor. To do that. You gotta focus on the actual labor, not the prize.
The prize is cool. I'm not telling you like not to get it. I'm saying expand like what you are, what you're doing by focusing on the work, focusing on the process itself, of learning the process of learning all the curriculum that's in CompTIA. And let me give you a specific example of what I'm talking about.
Let's go to CompTIA. We're gonna use CompTIA A+ certification as an example of what I'm talking about. This is my, this was my first certification and this is why I promote it so much, because after I learned that certification, I knew enough about computers to where I could get in this field.
And I was working help desk for a while and I learned enough about troubleshooting and all that kind of stuff to where it was able to expand my entire career. Eventually get me to working, making six figures and being able to take all these vacations and all kinds of stuff. But here's the curriculum right here.
And if you're listening to me right now, I'll read it. There's nine skills that you have to master to validate your CompTIA A+ certification: hardware, operating systems, software troubleshooting, network troubleshooting, mobile devices, virtualization, cloud operational procedures, all of these things.
And these sections, if you actually buy the book, these are the sections, some of the sections that it'll mainly be broken into. And of course, it'll go into more detail in each one of these areas. If you actually learn this stuff and not just go ahead and take the test and pass, cuz that's actually the easy part, taking the test and passing it, you can actually go
and take a bunch of, just retake the test over and over again. And eventually you'll pass the test. I'm telling you to study the common body of knowledge and know and understand what's actually happening. Go beyond just taking the test, go beyond just taking the questions and passing the test, go into actually setting up a lab in your house, figuring out how to put all that stuff together, figuring out your own network, figuring out how firewalls, host-based firewalls work, how's that different from network firewalls, learning all that stuff by maybe even actually doing it in your own home.
Maybe actually helping your community out. If there's an opportunity for you to do that, actually getting hands on to where you literally understand it, building your own computer, things like that, to where you understand it. So fully that the CompTIA A+ certification, when you get it is not a big.
It's your first certification. So obviously you're gonna be patting yourself on the back, but what I'm saying is if you expand your base and you understand this stuff, like you really deeply understand it, you can go then and go take other certifications, entry level certifications, easily like a plus certifications, the natural next step in your evolution.
And then the next thing you could probably take is a com is a Google support it certification, which will probably be easy for you, cuz you have gone so deep in the rabbit hole for a plus certification. I'm telling you to learn the common body of knowledge and learn the process, put the, put that work in and that will give you all your other, everything else.
You'll get all kinds of other prizes, not just the certification, right? And you might even inspire you to go get a degree. If you choose to go that path, you don't have to, but you could the process over the prize. This is book I read. A really good book. I encourage you to go out and get it. It's called atomic habits and it's really, it's a really good book.
And he, one of the things he said in the book was don't focus on the goal, focus on the system, creating a system to get that goal. And that's what I'm talking about. So if you focus on the process, that'll get you to that certification. You can get a whole bunch of other certifications and experience. If you actually understand how to build computers, how to build a network, if you actually have a hands on that you can do in your house nowadays.
So that's what I'm trying to encourage you to do super important. The next question should be how do I, get developed a discipline to focus on the work rather than just the prize? Because it's easy to work, focus on the prize. Like you're thinking about, okay, if I make this $65,000 a year after I get the certification, or if I can, if I, maybe I focus on getting I'll be able to get six figures.
If I get this professional level certification. And now I'm not telling you not to get six figures, I'm not telling you not to get a professional level cert. I'm not telling you not to get a degree. None of that. I'm not telling you that. That's the fruits of your labor. What I'm trying to tell you is if you focus on the actual process, if you work, if you focus on the discipline in that process, you can have any damn thing you want.
And what happens, what I've noticed is what happens is like when you focus on that discipline in this career path, all the people who I know who, are at this super high echelon is super high level. All these guys are highly accomplished because that's exactly what they did. They're more focused on like actually knowing and understanding how to do this stuff.
and because of that, all these other certifications are within their grasp. They have all these other opportunities and all of these other success factors that come in because they actually know the material. So well, that's where I want you to focus on. If you focus on the discipline of doing the process, then everything else you'll not only have the certification, you'll have several other opportunities to take other certifications, cuz you'll understand it so effectively.
And then after a while you notice a plus certifications is not that big of a deal at all. You'll notice that the does any certification is not that big of a deal. One of the things that I've learned on this path of just having the discipline to to, really go deep in this and become a professional level, subject matter expert in this field is that.
whenever I go to a new organization, they're always pat me on the back. I get all these certifications. I get all these awards I should say. And and I'm not telling you that to like brag or anything like that, cuz it's not bragging rights for me. It's bragging rights is that I was able to take care of my family.
It's bragging rights is I was able to take my family to Hawaii. That was dope. I do this for my family. I do this for to do better than just survive. And for me that's the greatest reward that I could ever receive because of that. I don't care that some giant company gave me an award, gave me extra a little bit extra cash because I, accomplished something within their organization.
When you I'm focused on the process of allowing us to have a roof over our head and to eat good. That's what I'm focused on. The process that it takes to do that means me studying sometimes late at night means me waking up a little bit earlier. Sometimes means me putting in the work that I need to do beyond motivation.
Cuz sometimes I'm not motivated. Sometimes I'm sick to my stomach and I don't feel like doing nothing. And I don't feel like getting out of bed. I, all I wanna do is watch YouTube all day and watch stupid videos. That's why , but what do, but I know that the discipline has to take precedence over bad habits, so once you get that in your head, once you start to develop this muscle of just having the discipline to get outta bed and go stay up late or do other things you need to do to make these things work. It, changes everything in your whole life. And I'm not just talking about cyber security.
I'm talking about everything in your life. . If you focus on the process and the discipline that it takes to do that process, you can do anything you want to do in this life, but it takes motor. It takes discipline beyond motivation. Motivation's not enough. You gotta have the discipline to do it. And that, and cyber security is no different.
So that's all I want to say about that. It's just something that I noticed about my own life. Anything that I've done in my life that was successful, it came because I had the discipline to put, I put in the discipline to do it. If you go out and the discipline takes you to another level because, if I fail a certification, you only fail
if you quit. I'll just keep taking it until I pass it. That's what I'll do. I won't. I do. I will not quit. I'll just keep taking it until I pass it. Once you get that discipline in you, nothing is gonna stop you. You're just gonna keep doing it. Okay. Anyway, let me tell you guys about a couple things here.
So if you didn't know, my name is Bruce. I run a site called Convo Courses. I'm building a community of like-minded cyber security people who wanna teach each other, learn from one another. I call it Convo Courses, cuz it's a conversation between me and the community, between the community and itself.
I'm, building a community. I've got 10,000 followers on YouTube. I've got a few followers on on Facebook. I've got a few followers on my Facebook group on, discord, on and starting to build a community on TikTok where we're just helping each other out, learning from one another and building up and that's the, ultimate goal to this whole.
If you're interested in learning more, you wanna follow me, go to YouTube and then type in Convo Courses. You'll find me there where I talk about all things related to cyber security. I talk about how to get into this field. I talk about how to do risk management framework, which is my specialty, and security compliance.
That's what I mainly focus on. If you're interested in getting more out of this, I've got a book out there that's related to my actual specialty, which is risk management framework, where I talk about the security controls that go into NIST 800 risk management framework. I've got one that's foundational, and foundational meaning you don't have to know anything.
You just listen to the book. I got it on audio by the way. Or, you can read the book and and, learn a little bit more about that. And it's so popular that people are literally copying my book like this dude copied my book and is selling it. He copied my book and selling it as his own anyway.
So it must be good if that's the case. I've got two books out there. I'm building more than just a book. I'm building a entire community. I'm building a a, an entire something where you can talk to me directly. You could talk to me directly and ask me specific questions about how to do this. And I think that's why a lot of people have been following, because I answer questions that they ask me.
So if you have any questions whatsoever, feel free to con to call up to email me, or you could actually ask me a question right now. If it's related to cyber security, I'll do my best to help you out. And, that goes for everybody in this community. I really appreciate all the people who've been following me.
I appreciate all the questions. I appreciate all the accolades, all the. Great comments that I've gotten on my book. It's, really been a great, a very rewarding thing to see people actually commenting and, leaving positive comments on my books and stuff. So that's really good. If you didn't know, go to amazon.com type in risk management framework or Bruce Brown.
You'll see my book there. And I also have a site called Convo Courses. I have a podcast I'm doing at least once a week. I'm on YouTube doing Convo Courses. So follow me if you're interested in this kind of content. If you're interested in getting into IT or risk management framework, then follow me.
All right. And I'm gonna show you guys a glimpse of the book then I'm writing right now is how to improve your resume and, be able to get people to contact you. Cuz that's what I've been doing in the last few years. Reason why I've been able to get all these jobs quickly. Okay. Deru has a question on YouTube.
He says, Hey Bruce, what resources would you recommend for keeping in tune with the latest. And updates in cyber security. And I would say de truth. That's a good question. By the way, I would say that really depends on what categori category, sorry that you have in cyber security because there's many different cat cyber security is a huge category.
It's huge. Like it's a huge field. It's a huge umbrella. You've got everything from risk management framework to you've got cyber threat intelligence which, does threat hunting. You've got you've got Intel, which is considered a part of cyber security cyber Intel. You've got forensics, you've got all kinds of different branches of cyber security.
So it really depends on the branch. Now, if you want an overall of all cyber security, I could tell you, I could tell you some of my resources. And then what I'll do is I'll break it down into different genres of cyber security, the ones that I know. All right. So first the first really good resource would probably be the CISA's website.
CISA is a government site, not the actual certifications from ISACA. I'm talking about cisa.gov. And so CISA is cyber security infrastructure and security agency. This is one of the most one of the best resources. Let me just switch my camera here for TikTok, for those who wanna watch. So this is, this is cisa.gov, cisa.gov.
And these guys are one of the best resources for things that are going on mostly to the whole United States, like federal government, state governments. If there's a huge hack, you'll see 'em here. Pop up here. You'll also see different vulnerabilities that come out like the big ones, different malware.
Like right now here they have 2021 top malware strains. And then they've got a blog here with the newsroom. Let's just go to, let's go to this one. This is dated August 31st, and this is SAFECOM publishes 2022 SAFECOM strategic plan. This is all like federal type stuff. So if you are in the federal space, this is one of your best resources.
Let me see what other resources are there? Other places you can go if you happen to be in vulnerability management are the people who like manage they manage let me see if I could switch. Oh, you switch it like that. Huh? Oh, that's cool. So messing around with TikTok , that's what I'm doing in the background.
So vulnerability management, that's people who take care of their organization's vulner patches, right? PA there's patches that are always coming in. And they have to update 'em. So one of the best resources for that is probably CVEs is a huge database of all the vulnerabilities that are popping up throughout the industry.
That's through a vendor it's all vendors. So it's not any one specific vendor that being said, vendor. If, you have say Microsoft patches, then the best resource is Microsoft for, their most recent vulnerabilities in how to fix 'em. And then if it, if you have a Cisco device, it's Cisco.
That's the best place for the most current things going on with Cisco. And if you have an apple product, same thing, like if you have a Macintosh, you go to the vendor, but this CVE site is really good because it has a huge database. That's constantly being updated to inform you of what is going on for vulnerabilities.
Let me see if I can find a really good breakdown of this. Let me see, where do you normally I find the individual CVEs from the, from Google. Let me see CVE resources. Okay. Just trying to find like a specific CVE that I could show you here. So yeah, CVEs are good for actual vulnerabilities and then there's, like I said, different branches of cyber security.
So each branch has its own like group of resources. Government has CISA, everybody in a lot, everybody in the government goes to CISA site. And they have the most recent APTs, advanced persistent threats, most recent vulnerabilities, all that kind of stuff. What's what the government's doing.
Like what, where we should be focusing our energy. What it's, really good resource. And CVEs, this is like a huge database of, all the places you want to go for vulnerabilities. And I'm look, I'm still looking for the actual database of the actual vulnerabilities. Let me just, okay. See CVE I'm on Google right now, typing in CVE.
Let me see a specific one would be iOS CVE for iOS. They have a vulnerability database that has every single vulnerability you could think of. So this one's for iOS 15.6 and this is going straight to Apple site for 15.6, a recent kernel update and WebKit update that they have. And it's for CVE-2022-32893.
You might be familiar with this one, but I'm gonna type that one into Google. And it goes straight to the CVE site that I was just on. And then it'll have a breakdown of, how it affects other things. So this is one of the best resources that I, was, we were using a lot in almost every place I've gone to.
We use the same thing, private sector and public sector uses this one. Now, if you're in the Department of Defense, let me show you like department. See, it really depends on where you're at, but Department of Defense's best resource is called DISA. D-I-S-A, disa.mil. Okay. So the disa.mil website has some of the best resources as far as how to fix your system.
They have the STIGs, the security technical implementation guides, one of the best resources on the internet. Even the private sector uses it. That's how good it is, but this is a really good resource for Department of Defense and actual federal government. And it's so good.
Recently it's gotten so good that even the private sector start using the STIGs. So yeah, here it is right here. Here's the news that they're always releasing, different stuff that's related to Department of Defense, mostly. But their STIGs are incredible. Their training is ridiculous. It's one of the best resources.
It really depends on what branch and what area of cyber security that you're going in. But so I, hope that answers your question de truth. Specifically, what area, if you tell me, what area of cyber security you're in, we could find like a really good resource for it. Okay. I've got a question or comment on, TikTok.
They say, Hey, hi, Bruce. How difficult is it to travel with a security clearance with, or without a job? This is a great question. Okay. The question is how difficult is it to travel with or without a security clearance? It's not difficult at all to travel with a security clearance. It just takes a little bit of research on your part.
It depends on the, on your clearance. So Deru thank you so much for that 19 bucks. I appreciate you. So let me, this is a really good, this is a great question. I'm glad, so glad you asked me this question. So let's answer this now. I'm speaking from a person who's had a public trust, which I have right now.
I've had a sec, a secret clearance, and I've had a TS/SCI clearance. And I've known people who have a higher clearance than me. And I could tell you there's there is a difference. Alright, how difficult is it to travel? It's not difficult. You can travel anywhere you want. However
I'll start from the highest and go to the lowest. Okay. So a friend of mine and I won't name names, I won't tell how, what kind of clearance he had. I'll just say it was a hi, his clearance was higher than SCI. This, if you wanna Google what that is, then just research it for yourself. Just go to Google and type in high clearances.
High top secret clearances. He had one of those. He had something above that, and this dude could barely talk about what he did. He was very guarded. He said that they tapped his phone. Like they knew where he was at all times. It's it is the most ridiculous thing I've ever heard. It's preposterous. I said I would never work for an agency that does that.
They openly told him, Hey, by the way, we are tracking you we know where you're going. Here's and then they told him there's places you cannot go. It's, there's places you couldn't. And then when he named the places, I thought he was gonna say oh, I can't go to obvious places. Like I can't go anywhere near Iran.
I can't go to there's certain places in some, countries in Africa, you can't go there's certain places in. But then he said he couldn't go to certain parts of the Philippines. I was like, what? There's certain parts of the Philippines. He couldn't go because there was terrorist activity there.
And I was shocked. I'm like, I never heard of nothing like that. I didn't for a second. I didn't even believe him. Then he started breaking it all down. Cuz there's like some kind of terrorist threat in some part of Mindanao. I'm like, are you for real? And then there was, they even questioned people.
He talked to whenever he would go overseas. So they weren't. And then a lot of times they weren't saying you can't go, but if you go overseas, you gotta tell us where you're going. You gotta tell us who you're talking to. That's the kind of clearance he had. All right. I don't like, I don't know much about that.
I can just, all this is hearsay and bullshit. Okay. So do your own research on that one. I'm just telling you what this dude told me. Let me tell you about something I know about the clearance. Like I had the top secret SCI, I had a secret clearance and I had a, public sector. I'm gonna tell you about those three.
All right. So in my experience, number one, there's no, they're not restricting me to. To most countries, the countries that I'm restricted to go to are obvious, and most, Americans should not go to these places. North Korea. Don't go to North Korea. Just don't. If you wanna know why just Google it, just do your own research.
Don't go. It's just stupid. It's just dumb. Don't don't do it. just don't especially if you used to be in the military, just don't do it. I don't, I just, anyway, I'm saying that because people have done it, you probably might be thinking like, why would nobody goes to North Korea?
People don't do it. Iran. Don't just, don't go. The US. And unfortunately it's unfortunate that our countries cuz it's a, it's an amazing place with amazing, amazing human history is happening there. And it's a shame that our governments can't work things out to where human beings can't go to certain parts of the world.
To me, it's just dumb, but if you have a clearance yeah, they monitor that there's certain countries you really will lose your clearance over. There's certain places in there's certain countries in Africa that you can't go certain countries in Africa. Can't go, cuz there's too many. There's a list.
Normally when you go to an organization, they'll have a list of places that you, they recommend you do not go. And so when you're, when you have your clearance, you're at this organization, one of the first things you should do is figure out what those countries are and what the policy is for your organization that you're working for.
What policy do they have that says, okay, you cannot go to these places. And here's why, and the reason why that you can't is because of this thing called ITAR. And so ITAR is, oh Lord, what is the acronym? It's like international. If you guys know what it is, please let me know. I can't remember off the top of my head.
ITAR is international trade arms. It's, okay, here it is right here. International Traffic in Arms Regulations. It doesn't, like this, the name of it doesn't fit what it does. That's why it's confusing because it's not just arms that they're tracking. It's like all kinds of technical goods and certain technologies.
And I kind of understand why they do it because if you look at a country like China, China steals a lot of in an LA. This is not, cap. This is not conspiracy. This is real. China and other countries will steal certain technologies from US companies. They do this on a regular basis. It's a pretty smart move.
I think they steal your, their, I. They've done it to Google. They did it to Google's search algorithm. They did it to Cisco. They did it to they stole the, that what's that jet. Oh my gosh. The joint strike fighter, they stole all the, they've done it to multiple successful organizations.
And not just in the, to the United States. China's just one example. All countries do this, all countries do this to one another, they steal intellectual property. And then they either implement it or do something in their own country so that they can get a leg up. But a lot of people do this to the United States cuz of the United States, regardless of how you might feel
about the United States. It has some of the greatest innovations on planet earth. And it's because we're living in some sort of golden age where all this stuff is coming out. Like eventually this is gonna die out. Eventually all the ideas are gonna shift to another part of the world, probably China or something.
But right now US is in this place where all these inventions are happening. Mostly from even TikTok, TikTok used to be Vine. You know what I mean? Like this idea of TikTok was taken from Vine. They looked at Vine and said, wow, that's successful. And then they reengineered it, made it better. And then absorbed Musical.ly.
And then now you have TikTok. Vine started in the US and I don't know, like what's going on in the US. Why there's so much innovation, why there's so many, I think it's because the, in my mind I I know it sounds stupid conspiracy theory, but, or some kind of stupid faith patriotism, but it's because we're, there's freedom here.
There's freedom to think what you want and do what you and make mistakes. And that's why there's so many innovations here, I think. But if and if you travel the world, like what's weird, what's crazy. When you travel, speaking of traveling, you see how much influence the US has on other countries.
You see how just going like Philippines. I was in the Philippines like last two weeks ago, three weeks ago. And everybody's wearing FUBU shirts. FUBU is a US brand from Daymond, what's his face? Not, yeah, Daymond, that billionaire, the billionaire on Shark Tank, that dude came up with that brand and that thing's all over the Philippines.
One of the most popular brands in the Philippines, you're walking through the mall and. I'm just saying like the influence that the US has is crazy. So one of the things that they, that country like different companies will have you do is: do not take our intellectual property to these countries.
They'll have a list. Don't go to those places. If you value your career, look at what their policy is and adhere to it, if they're saying, do not go to these countries, don't do it. So that's what I'll say about that. It doesn't. So to answer, go back to the question. went off on the tangent, the que original question from, to was how difficult is it to travel with the security clearance with, or without a job?
How difficult is it? It's not difficult. You can go wherever the hell you want. The problem is there's certain countries. If you go to go there, if you have a high enough clearance, you can lose your clearance. And they'll have a bunch of questions at the very least. They'll have a bunch of questions when you get back and they'll know where you went.
What you can do is before you go, is you tell them I'm going here and then they'll have a list of things that, that they will, that they'll say for you to do or not to do. Is it difficult? No. Can you go, yes. Can you jeopardize your job? Depends. If you, violated that, that organization's policies and yes, that you can lose not only your clearance, but your job as well.
So just keep that in mind. Somebody on TikTok said, Hey, yeah, they they're incredible at reverse engineering facts, Then in the Chinese, like in my mind, Chinese are the smartest human beings on earth. The Chi the Chinese are ha they're you say what you want, but man, they're in a they're I don't know, like it's so smart to steal.
Like this is the smartest thing. You can do steal a billion dollars worth of research, take it to your country. And then boom, you have by. You have WeChat, you have TikTok. How smart is that? That's brilliant. I am a lamp seeker says you might end up with a polygraph. Oh yeah. A polygraph test.
So one of the things that will happen is that you come back from your trip overseas and then they'll give you a polygraph test where they'll ask you a bunch of questions. Have you talked to any foreigners? Did any foreign person come up to you and ask you questions? This is just what I've heard from the, my, a friend of mine who has a high enough clearance to where they ask those kinds of questions. That's kind of what happens if you have a high enough clearance.
So do your own research. If you happen to be at an organization that has clearances and stuff, and you're dealing with sensitive information, look into their policies, look into ITAR, which is international traffic in arms regulation. It's not as bad as you think. Normally it's gonna be obvious places that you shouldn't go anyway, as an American citizen, it's just, you're jeopardizing yourself.
You know, I'm just being real with you. Don't, there's certain places you shouldn't go. If you want to know what that list is, you can probably go to they have a list of them on US embassy. The State Department has a list of places that they recommend you don't go. If you have a clearance, you should probably listen to that list.
Especially if you have a high enough clearance. All right. Let me ask, answer another, read some more comments here. Deru thank you so much, sir, for that, that 20 bucks, I really appreciate you. It says, I appreciate all you do. Your courses have helped me tremendously to learn risk management framework for my everyday duties.
Thank you. And please keep up the great work and teaching people, man. Thank you Deru I really appreciate you, man. I appreciate this community. Thank you guys for watching me for all these years. Much appreciate it. All right. Let's keep going. I'm gonna answer a couple more questions. I'm not gonna be on here that long on this one.
Feel like I said what I needed to say, but if you guys have any questions, I'll stay as long as we have questions. Let me see I'm going on YouTube right now and answering some questions from there. Have a very lively, active community on YouTube. If you're interested in getting diving into this. But I have one, a couple comments on, TikTok says I agree with you.
you have to have some permission to go to some certain countries. You might get a polygraph. Wow. Yeah. He, this guy knows what he's talking about. So speaking back on, on this security clearance issue, not enough, really people really talk about this. And that's why I think I get so much traction on, YouTube and social media when I talk about this kind of stuff.
But he says he says, he, when I was, what I was saying is if you travel with a security clearance, you should get permission. The right thing to do is to talk to the organization. Okay. That's the safest and right thing for you to do. If you have a clearance, if you have anything I say above a secret, if you happen to work for, even if you don't have no clearance and you're working for a, an organization who deals with sensitive information, especially if you're trying to work from those countries, like you should really think about doing this, talk to the organization first and say, Hey, next month, I'm going to Thailand next month.
I'm going to Indonesia. I'm going to Colombia, wherever the case may be. Just let 'em know. And what'll happen is, because I've done this before, the HR department will say here's a pamphlet of places you shouldn't go while you're in Colombia, or you, shit, you can't go to Cuba, you can't go there.
Here's why. And you might not agree with it. You might think it's stupid and maybe it is. But the point is, if you try to go, you could lose your clearance and your job in certain places that you go to. And then he lamp seeker says they might do a polygraph test on you. Like when you get what he means is I think this is what he means.
This never happened to me. When you get back, they might ask you some questions and hook you up to a polygraph test to see if you're lying. I'm not that's isn't that crazy? That's never happened to me, but a couple friends of mines that happened to that have a high enough clearance that, that happened to I'm like, wow, really?
Yeah. So just be mindful of that. You can go. But the right thing to do is to talk to your organization before you go and do your own research too, look at their policies, right? If you don't wanna say anything, you want your own privacy, whatever, do your own research, because they'll have a policy that tells you flat out, Hey, look at the HR departments travel.
They have a travel guide for you. Look at their read that thing, especially in the foreign country, foreign travel, read that, and they'll have a list of do not fly. Like you cannot go to these places. And here's why, ITAR, whatever the case may be. Here's why you can't go. Or they'll say you can go there, but avoid these places, or you can go there, but.
Don't talk to you gotta avoid talking to just any random people coming up to you to asking you questions. And the reason why I say that is because one of the tactics that organizations from a foreign organizations will do is they'll have a casual, fine looking young lady. Come sit next to you at a bar and start asking you a bunch of questions and get real, real intimate with you and ask you a whole bunch of questions to get more and more information off you and try to date you.
If it's really serious, they'll date you like a damn spy and get even more information while they're dating you. Right now, you have a long distance relationship with a person who works for the CCP or something. If you think that this is crazy talk and spy talk, this actually happened to a couple Canadians, happens to Canadians and Americans.
You don't believe me. Look it. Like they work for the government or they work for a high level organization or just an organization. All these innovations they'll get really close to you. Then they'll start asking a bunch of questions. Just be careful. All right. Lamp seeker says, keep up what you're doing.
Thank you, sir. I appreciate that. It says even a secret that you have you have to get permission at least 30 days. Oh Oh. you're saying if you have a secret clearance. Okay. Okay. Listen to this. Here's some insider information right here. If you have a secret clearance, you have to get permission at least 30 days ahead, and some require 45 days or more.
So the right thing to do, and he says I'm an ISSO, but I was in industrial security for 15 years. Oh, here you go. Right here. So these guys put me on a game, like people like this is ConvoCourses right here. This is what I'm. This is why I do this. People like this dude right here who come and educate me.
This is a great opportunity. A teaching moment. So I didn't know this. So listen to this. If you have a secret clearance, especially if you work in cyber security, right? Regardless it, if you could work in the hospital, sweeping floors, if you have a secret clearance, he's saying some organizations require you to let them know 30 to 45 days in advance.
And he's saying he's an ISSO, but he used to work in industrial security for 15 years. Industrial security are the guys who are really deep into things like ITAR, really deep into things like personnel security. So this guy knows what he's talking about. When one time I was doing it live and I was like, I don't know, I've never had a polygraph test and I don't know how it works and this dude just schooled me on it.
And I was able to, we were able to push that information out. So other people know information about a polygraph test. So I really appreciate that. Thank you, lamp seeker, great information. And he says, especially if you didn't get permission yeah. You gotta get, you should get permit. That's the right thing to do that's the right thing to do.
All right. Let me answer some questions on YouTube. And Deru adds to that conversation, he says, always talk to the FSO of your company. And that's a, correct me if I'm wrong, but facility security officer, functional security officer, functional, FSO is like a security person who does personnel security.
Like they, they make sure that you, if you're gonna travel somewhere you're read up on any kind of issues that going on in that country. If there happen to be any things like that you, have to have situational awareness. You should know what you're just getting yourself into. If you do go to another country.
And that's something that I've been really good about, I travel quite a bit and I've been traveling even when I was in the military, I would travel. And you it's really important to know situational awareness. And let me just give you a couple stories, cuz I've been traveling since I've had up to top secret clearance and I've traveled extensively.
I've been to 15 different countries. And while I had clearances while I was working in the private public sector and I, know a little bit of something about this and I'm, gonna tell you a story. So when I I was in I used, I was stationed in, Korea. I was stationed in South Korea and this was in year 19.
I'm dating myself, but it was in 1998 to the year 2000. Yeah, I'm a little older than I looked. Yeah, I was stationed there and I would just go off base. I would just roll. I would just roll off base. I was in Kunsan and Osan, that area. And I would I was actually in working in security.
I was a, I was physical security at the time. I was a security force member in the mil, in the military. That means I was military police as probably the thing. Everybody understand really. I was weapon specialist. I was high level security guard anyway, so I would just go on. I learned Korean onion, AHI come, Sony die.
I learned some Korean and then I'd get in the car. And the taxi, and then just go, and so the problem with that is that there's certain places in Korea that people don't really didn't at the time and probably same hated Americans at the time. There was a bunch of colleges that how colleges are, right.
There's just a lot of younger people and influenced by a, like a rebellious mindset. And they, it, bottom line is they hated Americans and they blamed the US for dividing the north and South Korea. And the reason why I know this for sure is cuz that's the rhetoric they were saying when they were out there protesting at the colleges and also that's what some of the gate guards, I would have to work with Korean.
The Royal the Republic of Korea army and air force, I would walk, I would talk to 'em. Some of 'em were really cool and taught me Korean and, I would talk to 'em about English and hip hop and stuff like that were really cool, but some of them hated me and they would not say three words to you.
And I would still talk to those guys and they would flat out telling me I don't like Americans and I'm. And a little bit in Korean, why don't you like us? And they would tell me you guys divided, the US government divided our country in half. And you guys are the reason why north and south are no longer speaking to one another it's you are the reason if you guys left, we'd be able to unite Korea and I'd be like, what?
I'm like, that's not what I was told, and I was like, then I thinking are both of us being fed propaganda for our go from our governments? I was just thinking about all this stuff long. Okay. Let me get back on track. So I'm off base and people are super cool with me. I'm some black dude in, South Korea in the middle of nowhere.
Nobody can speak English. I'm speaking, my broken ass Korean and people are super cool, but it's the older people who are. Younger people hated Americans. And so at certain places that you would go get back to base and I was cool, right? I just met a couple. I had this great experience in Korea and everything.
I was just like, happy but I get back to base and they said, Hey there was a dude who got killed. There was an army dude who was in the wrong place at the wrong time. And this mob of Koreans killed him because they were having a protest. And I don't know what this dude was thinking, but he was walking by college and this mob killed this dude.
And they were saying, do not go to these places. Here's the this area here, and this area here, if you are an American, do not go here, period, you are not allowed to go there. And they told us why they, killed more than one soldier who would happen to be near those. You might, they might have had a girlfriend there.
So I don't know, but these dudes were killed and I was like, damn. Luckily there were no not big colleges where I was at, but just situational awareness. You gotta know what's going on. So whenever you go off base, whenever maybe you have nothing to do with the military, you just traveling abroad or whatever, just know what's going on.
I'm not telling, I'm not trying to scare you from going abroad, man. You should definitely use leave the United States and go experience the world. Experience, humanity, experience other cultures, man, it's gonna open up your eyes to a whole different I'm different, man. I'm, I've been to several countries.
I've seen extreme poverty. I've seen extreme wealth. I've seen I know that the US lacks heavily in certain areas that we shouldn't lack in, but I know that we, that the US is so successful in other areas. The world is not what you think. It's way beyond what you believe or watch on TV or whatever.
Like you gotta go there though. I'm not trying to scare you into not going, but I'm just saying have situational awareness. One of the things that military taught me is you gotta know what's going on for your own safety and security. Read the news that's going on in that country at that time. See what's going on with that country.
I'll give you another story about situational awareness. Not too long ago, like maybe five years ago, I went to Thailand and I was in Thailand, me and my, wife at the time we were chilling. We had a great time. We I'd been there like four or five times or something. I've been there total four or five times love Thailand.
I've been to two different cities there and stuff. I just, the people are great, man. The, the monasteries, I went to the monastery seen that sleeping monk. There's this giant like sleeping monk a sleeping Buddha ah, man, this is just amazing. I went to old Siam, which is now called Ayutthaya, a beautiful place, man.
The people are so nice. I man, anybody who's never been there, man should try. It is check is so amazing, such an amazing place. Anyway, me and my wife at the time we were there, we're hanging out with chilling and we had a great time. We go to leave. We get on the plane and we're leaving. We are on the plane leaving.
And then as we are in the air as it's taken off, we learn that the, country just had a coup and they shut down the airport. So we, might have missed that coup by about 15 minutes, cuz we were already boarded and flying and they shut the airport down and nobody could leave. I had no idea this stuff was going on.
I was just there as a tourist. I didn't see any protests where I was at. I didn't see any of that stuff, but a little bit of situational awareness for me. Would've let me know. Hey, there's something going on? I had no idea. And a lot of times, as a foreigner going to another country, you're totally clueless on this stuff.
Always have situational awareness, no matter what, whether you have a clearance or not, whether you work at a company that has sensitive information or not always know what's going on in that country, what's hot. What's going on, where not to go, where to go. You could find all this information on the internet a great resources would be the, embassy website.
They have, they usually like a breakdown of alerts and warnings of places and what's going on. They sometimes they're kidnapping Americans there. You know what I'm saying? Depending on where you go, this certain, it's like any places you go it's if somebody flew to the US, like the first thing you wanna know is like where, right?
So they could be going to Hawaii and having the time of their life, or they could be going to Detroit and about to get get got in certain places in Detroit, not saying all of Detroit's bad, but certain parts are not so good. Like you probably don't wanna go to Chicago O block on the south side, not a good look, not a good place to go.
And even people on O block in south Chicago will be like, no, don't come here. Do not, this is not a vacation spot.
All right. Let me see. Somebody said please, do you think that you can use that? I can use my PMP certification to get a job in cyber security space in the US. Are you not in the US right now? If you happen to be watching me right now, I got a question on TikTok. They're asking me do I think that they can use their PMP certification to get a job in the United States?
So it depends, like you gotta gimme more information. Okay. So if you have a PMP, so first of all, congratulations, PMP is an awesome certification. I know several cyber security people who have a PMP, who got it because it's a lucrative certification. So congrats on that.
Can you get a job? Yes. The answer is yes. You, can if you're not in the United States, it's probably gonna take a little bit longer because you gotta have to get a remote job possibly I'm I don't know your situation, but the answer is yes, regardless of the situation, it might not be the job you want.
It might not be the money you want, but let me just, I'm gonna demonstrate this to you right now live. Okay. What I'm gonna do is go to a common US website. It's called Indeed in the US. Every country has top search engines that you gotta go to. If you're trying to get a job in UK, the UK job search sites are not the same.
Are not gonna be the same as the ones in the United States are not gonna be same in India. Not gonna be the same and pick a country. They're all different. So the first, one of the first things you gotta do and whatever country you're going to is find out what are the top search engine. And I'm typing while I'm doing this.
What are the top search engines that I need to go to in order to find a job in the US? One of the top ones is called indeed.com, but there's several other ones: LinkedIn, monster.com, dice.com, careerbuilder.com, clearancejobs.com. Those are all US, but if you were finding another country then it would be different.
Okay. So let me show you guys what I got going on here. If you happen to be watching me still on TikTok or Facebook or YouTube, what I'm doing is I'm on indeed.com and I just typed in PMP certified project manager and, watch, let's see what results we get. I put find jobs. You can do this on any search aggregator, by the way, any job search site.
So what you would probably wanna look at here, it depends on your situation. If you're not in the United States, you probably want to get this first one here. That's a remote position. And then look at the requirements. So they have qualification this one's 30 days old. So this is probably gone. See, one of the things you wanna do is search by posted date, but for now, like you probably wanna do it within 14 days, but for now, let's just look at this one as an example for, to get this, due a job.
So what I would do is I would go to indeed.com, which was one of the top search engines in this country. And we found one here, it's technical project support manager, and luckily project support, PMP, lends itself to remote positions. So that's why I say yes, you can find a job here. This one has a salary of a hundred thousand a year.
That's pretty good. It's a full-time position. They require a bachelor's degree in addition to your PMP, preferred, bachelor's preferred. So you don't have to have one. Five years preferred. This is really good. If you happen to have a PMP you might wanna check this one out, if you don't make a hundred thousand, but I think this one might be gone because it's over 30 days already.
So let me actually, lemme switch the screen. So people on YouTube can see. All right. So what I'm reading, I'll read this. If you happen to be listening to me. So we already said that this stuff was preferred. Now let's get into the, if there's any caveats, meaning can you do this from another country?
So one of the questions I would ask if I was living in another country or abroad or something like that, or if I wanted to work remotely from a country like Bali not country in Indonesia in Bali. So I would wanna know do do they have restrictions on where I can work from that would be the next question.
So the answer is yes, you could find a job in the US, it's a hot market. A lot of people say, oh, I can't find a job. Man, it is booming, man. There's no problem in IT finding jobs. Here's one right here. As a matter of fact, yeah, they got health plan. They probably have requirements cuz this is a government.
So government positions, just so you know, usually they'll say remote, but you have to be in the United States. And then another thing to look out for, if you're not a US citizen, another thing you probably wanna look out for is whether or not you have to be eligible for a certain clearance, security clearance, because eligibility means that you are a US citizen.
Or a naturalized citizen or something like that. So the answer is yes, you can get a PMP in the United States. You just have to look at the requirements of it and and, check out the site for that. And then the, other thing I didn't do on here is look at you. One of the things you have to do is look at jobs, posted and look at it from the last 14 days, rather than last 30 days.
Cuz it's gonna be a little bit different, and look, this one right away, it says you have to be a US citizen or a green card. This is exactly what I was talking about. This one's specifically saying you should have to be a green card holder or a green card holder. Let me show you here.
This is exactly what I was talking about. So yes, you can do it, but look, it is remote by the way, but they want you to have a PMP certification, but you have to be either a US citizen or a green card holder and they tell you right away. That's what you wanna look for. And then if they don't tell you on the job description, you have to call 'em, like call 'em and figure that out.
Hey, I want to know, can I work there? I'm living in another state. I'm living in another country. Is that a problem? Is there any travel whatsoever? Is it a problem that I'm not a green card holder? You got to ask 'em all these kinds of questions. PMP is an incredible certification by the way.
Really good certification. A lot of technical guys I know got one because it pays, like PMP actually pays good money. Let me see, I got some other questions here. I'll stick with Italy and Japan. Okay. Let me see here. I have some other YouTube questions. I'm gonna answer real quick.
If I can, did it just log me out. Oh man. Come on drew. Come on, dude. It just logged me out. Wow. I don't know why I did that. I can see myself live. Oh, wow. Okay. I don't know what's going on. I don't know why it logged me out, but I'm about at an hour. So I'm gonna cut this short here real quick.
Thank you guys so much for watching me. I really appreciate everybody who's watching. I really appreciate my community. If you guys are interested in getting more, the show doesn't stop. You can always catch me on, you can email me. You can catch me on Discord. You can catch me on TikTok. I'm always posting new content. Any kind of questions that you have, feel free to ask me.
Most of my content comes from people asking questions. So I'll actually make a video about it. And if it's a really, good question that I'll be asked over and over again, I'll make an entire course out of it and spend weeks and months doing that. That's it for this one, guys. Thank you so much for watching.
Thank you for listening to me on podcast. If you guys didn't know, I have a podcast that I do regularly. That's another place you can catch this stream. It's on podbean.com. Check that out or in the link in the description below.
Friday Sep 02, 2022
Get links here:
https://securitycompliance.thinkific.com/courses/cybersecurity
https://www.whitehouse.gov/briefing-room/statements-releases/2022/07/21/fact-sheet-national-cyber-workforce-and-education-summit/
Two, one, and we are live. Okay. I've got some urgent stuff to let you guys know about. That's why I decided to just go ahead, go live. So I'm on live. This is a podcast, convo course podcast. First of all, my name is Bruce and I do this once a week. At least lately I've been doing these a little bit more, and I wanted to tell you guys about this national cyber workforce and education summit that happened on July last month.
And it's a bunch of free training for entry level cyber security people. And I thought that this was important enough that I should let you guys know what's going on. So if you guys didn't know, my name is Bruce, what I do is cyber security training and also help people to get into this career. If you're interested in this, follow me on YouTube, tons of free information, tons of free stuff out there.
All of this is not paid. I'm just trying to help people out. That's the name of the game for me? I'm good. My life is good. I'm just trying to help y'all other people out. And that's what this is all about. So what this is gonna be is a breakdown of some of the free training that's out there.
Right now. For you guys the, a couple of these things are really exciting. A couple of 'em are really amazing and let's just get right into this. All right. So this is all coming from a summit that happened. so let me back up a little bit. So the white house is pushing some sort of initiative to fill a bunch of slots.
There's a huge shortage of cyber security people. There's something like seven over 700,000 cyber security positions that are open. And it's due to a lot of things it's due to people retiring it's due to people getting out of this career path. And they just can't retain people and there's a huge need for cyber security.
So they put together this initiative to pull more people in, teach people, and they pulled in all these other organizations to do that. So you've got everything from the private sector to different departments within the Department of Defense that are promoting this. And all of the stuff I'm about to tell you is coming directly from the whitehouse.com's, whitehouse.gov.
I'm sorry, not whitehouse.com, whitehouse.gov's briefing that they did in July. So this is a bunch of free training, a bunch of jobs and all kinds of opportunities. If you're interested, like I said, a lot of this is free. Let's start off with Department of Labor and Commerce. So Department of Labor and Commerce is doing 120 day cyber security apprenticeship.
And this is already started. So if you are interested in this, you gotta go to this. Now you can either Google this right now, or you can go to convocourses.com where I have put this slide deck, with all of these links that I'm about to show you, on my site. So if you're interested in that, just go to convocourses.com, or you can just go to Google and type, and then Google what I'm saying, but if you're interested, you just go to convocourses.com and this is free to sign up and then you'll just download.
You'll download the slide deck from here, and then it'll have all of the, all the stuff that I put together on this thing. And alternatively, you can just type in national cyber workforce education summit, and then all the actual stuff is there minus the links, because I did extra research to get these.
All right. Let's start off with US Department of Labor and Commerce. They have 120 day apprenticeship. So if you're trying to get your foot in the door with cyber security, this is one of the ways that you can do it. This is a golden opportunity. If you're actually an IT person, or actually you might even be able to switch from another occupation to get into cyber security with an apprenticeship.
Yeah. So this is getting you actual experience. Now you've gotta go to the site and register. They so far have 714 registered apprenticeship programs and they're accepting people for a little bit, so go ahead and sign up for that. This is a part of a huge initiative from the US government to actually get more people trained up and get people in these positions that they really need.
So that's what's happening right now with this. So that's the US Department of Commerce. And like I said, if you want this slide deck that I have, if you wanna see all this stuff, you can download this on convocourses.com. Actually, if you are watching me on YouTube, it's in the link in the description below.
If you're listening to this on podcasts, go to convocourses.com. Look for convo courses online. It's a bunch of free stuff that I post out there. Downloadables, all my slides are there. Look for that slide deck. This slide deck that I'm showing right now, but let's go to the next one, other opportunities out there.
This is the apprenticeship, apprenticeship.gov. If you happen to be following along, type in apprenticeship.gov. And that'll show you the countdown of days. They're saying there's 77 days as of this recording and 14 hours left for people to sign up for this apprenticeship. If you're interested in getting into cyber security and being trained in the next 120 days with the Department of Labor and the Department of Commerce, that's where this is coming from.
All right. So let's keep going to the next. Next one. Okay. Now this one right here is incredible. If you happen to be watching, listening to me right now this is not gonna last. This is not gonna last. So ISC squared. Okay. Let me explain. This is really important. ISC squared are the guys who do one of the top.
They do the top cyber security certification known as CISSP. So these are the CISSP. So they just recently released a new certification, an entry level cyber security certification called certified in cyber. This is unprecedented because these are the top guys in the field. They're competing directly with Security Plus with this one.
What they're doing right now is they're giving this away for, they are giving free training. This is a $200 training. This will not be free for long. This is a $200 training that you can take. I believe after you take the training, you can go ahead and take their test. Here is the site right here. It's on isc2.org/certifications/cc. Or you can go to Google and type in certified in cyber security, ISC two, and then you'll find their certification, this right here. Let me see if I got another slide on that. Yeah. They're saying. Okay. So first of all, this is the world's largest nonprofit association of certified cybersecurity professionals.
That's a fact. So they have the leading certification in the world, which is the CISSP, and they also have the CAP and several other large certifications, but those are probably the two top ones. This is huge. They are giving free training for this. And then you can go ahead and take this certification.
It's an entry level certification is brand new. Marketability. I'm not sure how marketable it is since it's totally new and people don't know what it is, but people will know what it is because ISC two is the biggest cyber security certification. The most world renowned cyber cert security certification organization in the world.
So if you get their certifications, they are just, everybody respects 'em because they don't do shady stuff like some other organizations that I won't name. Okay. And I have certifications from them. I've got multiple certifications from them and I get jobs very easily because of that.
Alright, so let's see. Let's keep going here. Okay, Accenture I don't know if I'm pronouncing this right, but they have a bunch of entry level professional certifications. If you are interested in that They here's the site right here. Here's what it looks like. But if you go to Accenture I believe it's accenture.com.
That's a C E N T U R E. For those who are listening on the podcast you'll see their entry level professional certifications. And they've because of this initiative, this push forward to actually advertise. Getting more people into cyber security. They said that they're committed to creating access to new roles in cyber security cloud and technical areas through apprenticeship and upscale programs.
So if you're interested in that, go ahead and check it out. Let's keep going here. We've got a ton of other ones. We've got an Institute for cyber security studies. These guys are offering. A bunch of training for executive education programs. If you're interested in that, I'll keep going. If you're interested in getting the links, I've got links to each one of these training courses.
So this is not necessarily entry level, this one's for executives and board of directors and stuff. So that doesn't really apply to the people I'm talking to. So let's keep going with this. Okay. So Auburn University. They have a program as well. They're helping with this initiative to get more people into cyber security.
So you can check that one out. There's the link right there. If you're interested in that, go to convocourses.com and you can find that in this slide deck that I'm showing right here, all of the links are there. There's lots and lots of details there. That's why I'm just gonna go ahead and give you the links and.
And find all this information that I'm showing you here, but this is where the link is at. You go to convocourses.com forward slash courses forward slash cybersecurity, and you'll find it here. Alternatively, you can go to the actual site where all this stuff is at, it won't have all my research.
I did extra research to show you like where all the news feeds are, where the actual sites are where where you can sign up for this stuff. You won't have that you'll have to do your own research, but if you go to if you go type, go to Google and type in national cyber workforce and education summit, you'll find everything that I'm talking about here.
That's where I got all this information from. Okay. Let's keep. We talked about ISC squared. We talked about Accenture. We talked about a couple of universities. Let's keep going. Let's go to Cisco. So Cisco also has this initiative where they're pushing, they're giving a bunch of training to colleges, including 107 historically black colleges and universities, the HBCUs.
They're doing a huge push. Here's a, an image of their site. Trying to get more people into cyber security workforce, cuz as there's 700,000 vacancies in cyber and I can vouch for this I'm in this field and I'm telling you, they try to put four and five hats on us and we're having to do all this extra work cuz there's not enough people to do this work.
It's really a huge problem. And so I'm glad that they're actually trying to pull more people in, but now Cisco's in on it, they're trying to pull more people in. They're trying to get more education out there and get more people in the workforce. So let's keep going here. CompTIA. So CompTIA has a partnership with ConnectWise.
And if you go to their site right now, if you go to their news feed, you'll see this right up top, where they're trying to get more people into this field by merging with ConnectWise and getting an IT apprenticeship out there. Some of these things that I'm gonna show you by the way are in the works, they haven't actually started yet, but some of 'em are like already ongoing.
You can literally sign up right. And and apply for these and get into the apprenticeships. If this is, if I were you like, if the position that I'm seeing. Is, if you happen to be a help desk person, if you happen to be in a field where you do a little bit of tech, but you're trying to level up, this is actually perfect for you.
This is absolutely perfect for you. Now, if you happen to be in a completely other field, some of this may help you out. The ISC two squared, I think, is a huge one to try to do, this entry level cyber security thing. This is unprecedented. This is amazing. I'm glad that there's
this push for this field because it really needs it. But if you are brand new to cybersecurity, if you're trying to get into this field, like people keep asking me over and over again on TikTok, on YouTube, on Instagram, everybody all over the place, trying to get from where they're at to cyber security. This right here, this certification, this ISC two squared certified in cybersecurity.
If you go to ISC two square.org, actually it's isc2.org. You go there. You will see a new certification called CC. And this is for entry level cyber security people. Let's keep going. Where were we, let's see, scrolling down, going to CompTIA. Okay. We just talked about CompTIA. Link in description below.
If you happen to be watching me on YouTube, if you happen to be listening to this on podcast a little bit later or live, then you can actually download all this stuff I'm talking about on my site, convocourses.com. Go to that site, and you will see that in, what is it? convocourses.com/courses/cybersecurity.
And then there's a downloadable that has all the links that I'm showing you here. It's called national cyber workforce and education summit. This is all from a summit that happened in July, just last month. All right, let's keep going. We already talked about CompTIA. Image of the CompTIA newsroom.
If you go to comptia.org and check out their press release, you will see exactly what I'm talking about here. So I just gave you several links that you can either go to Google and type it, you can go directly to the site such as comptia.org, and look at the news feed and then find this right here.
This initiative, there's a push towards getting people apprenticeships with ConnectWise. Okay, let's keep going here. There's a couple other good ones here. I'm gonna just go straight to the good ones. You've got several organizations that are pushing towards this several universities as well, that are pumping lots of money and initiatives into getting more and more people into cyber security, such as Dakota state university they're highlighted.
90 million investment for cyber research and initiatives to support multi-party public private partnerships funding to get more people into cyber security and their goal is to get more people in cyber sciences over the next five years. Okay. So there's that initiative? IBM has a push towards getting is announcing that the education initiative.
That's gonna help the vet department of building and affairs, couple of other organizations and HBCUs to provide no cost, zero cost STEM training for US military veterans, neurodivergent learners and university students from underrepresented communities. So this is really impressive that they're actually reaching out and trying to pull more people in from all over the whole spectrum of the United States.
That's really cool. Okay. So Linux Foundation had a good one as well. Now you gotta check this one out. This is one of the better ones. I don't know that I have many left that are as good as this one, but check this out. So Linux Foundation, they actually, and I think this is for a limited time only, they have 15 hours of free secure software training programs.
Here is the link right here. If you wanna get that link, I already told you where the link is. If you happen to be watching me on YouTube, you can actually click the link. It'll take you directly to where you can download this slide, presentation that you're looking at right now that I'm describing on this podcast.
And you can download this, and then click this link and it'll take you to this free Developing Secure Software, or alternatively go to Google. If you're lazy, go to Google, type in Linux Foundation space free secure software training, and I'm sure it'll lead you there, cuz this is active right now.
Look at this. This says enroll today. Cost zero. All of these are not gonna be zero for long, right? That's why I decided to do this live because this stuff is limited. Like CC, ISC two is limited. I don't think that course is gonna be free forever. And then this one, Developing Secure Software, is not gonna be free forever.
It's gonna go up to 200 or 100, whatever the price is gonna be on this thing. Okay. So let's see, NightDragon is also doing some initiative. I already checked on this one. This one's not out yet. I don't think they have announcements and stuff, but I didn't see, I seen where you can sign up for it.
I didn't see a place where it's actually active yet, but I could be wrong. So go ahead and check that one out. This one's active in power will offer skill development courses and free it training and credentials to military connected individuals, as well as young adults from underserved and underrepresented communities.
That means if you are from a socioeconomic poor place. Like myself, this is gonna help you out. So you can literally apply here. Here's a little bit more news here for it. If you are happen to be listening to me, just go to Google type in power.org. And you'll find it. You'll find that site.
And I think that's it. The last thing I wanted to talk to you guys about is Booz Allen Hamilton. Now, I don't know if this is in direct relation to the, this push to get more cyber security people in this, but. It's matching what we're talking about. And right here, it's just saying that Booz Allen Hamilton starts entry level cyber security staffers at $150,000.
This is entry level cyber security staffers, up to $150,000. Now, if you happen to be in IT right now, if you happen to have a security, hell, if you don't have any certifications and you happen to be an IT person, this is something I would definitely look into. Now, I gave you some links here, or if you happen to be listening to me, go to Booz Allen Hamilton, just type in Google, go to Booz Allen Hamilton, go to their career section and put your resume right in there
and then look for these cyber security jobs. I would just put your resume right in their site, because sometimes they'll reach out to you if you do that. And if you happen to be watching this on YouTube, you can actually look in the link description below, sign up for free, and then go to Booz Allen Hamilton careers.
And the link is here. And then go ahead and sign up for this. That's all I wanted to say guys. That's it for this. This was urgent because some of these things are gonna expire soon. Like some of these free items are gonna actually expire soon. Like this Linux Foundation one, this is a good one.
If you happen to be into doing development of code and you want to jump into this, this is absolutely free. And then the other one, the most exciting one to me, this could possibly compete directly with Security Plus, I don't know. It depends on how they market it and stuff, but this certified in cyber security entry level cyber security certification.
This has a potential to be really good, to where they'll add it to things like the DoD's 8140. They could probably add it there and compete directly with the Security Plus. We'll see how this goes, but right now it's free. Go to isc2.org and look for this certification.
It's called a CC certification. I would go ahead and try it. If you're entry level. All right, I'm gonna take a few questions and then I'm gonna end this thing. I just wanted to, that was the main thing I wanted to talk about. So if you have any questions on I've got some, I might have some questions on TikTok or have some questions on YouTube.
Let me see. I've got one question here. Let me see. Moncho says will we need to know basic IT, cover A plus, or can anyone just go in it and get training and learn? This is actually a really good question. So it depends. On all this list I'm seeing here, there's a couple that are completely like, you can come in cold.
Yeah. This one right here. So this one right here is fast paced, free. This one's designed specifically for people who are absolutely brand new. Let's check it out. Let's check it out. I don't wanna lie to you. So I'm gonna go to ISC two square live, and we're gonna go through this one together.
And for those who are just listening, I'll explain what we're looking at. So Moncho asked me if this ISC two square CC certification is for anyone, like, can somebody who's coming in from nursing, could they actually jump into this one and just start? Let's see, they said it's entry level.
So it's not only entry level, but it's tailored towards people who are brand new in this thing. So let me see. So right now I'm on the isc2.org certification CC site. So that's what we're looking at. And we're looking through it. Let's see, introducing the ultimate starting point for an, let me see, for an exciting career, certified in cyber security.
So they're doing their little. Spiel here to get us to get in here, take the first step in reward in a rewarding career to get your, and get your certified cyber security for ISC two square. The world's leading cyber security. Okay. They're promoting themselves. Let's get to the meat of this. Like what does the candidate need becoming an ISC two candidate.
Did you know that you can now join ISC two squared and become fully certified? Okay. Now we know we. We have recently launched a candidate. Okay. Which allows anyone studying for a certification or interested in a career in cyber security to join association. So this doesn't have any prerequisites. It looks like to me, that's what it looks like to me.
So qualifi, a qualifications, Pathfinder. Okay. Here it is right here. Unsure. If CC is right for you. Let's. let's see, we're gonna look at their Pathfinder that basically breaks down the path that they expect you to have to get this to get this. Let's see what is the best cyber security qualifications for you?
Anyone cyber security journey or career journey is everyone's cyber ski. If I could read is. And it could, it can be difficult to navigate through all the certifications opportunities which, okay. So you're still not telling me they want us to sign up. I bet. Okay. Pathfinder, we make it easy to discover.
You should go to the site yourself. If you're interested in this, you should go to as follow along with me, ISC two.org/certifications slash. Qualification Pathfinder right now they say, start your journey. And I believe they're gonna take me to a form. Okay. Nope. All right. Let's see. Are you interested in pursuing a cyber security certification for your team?
It's asking me some interactive questions to see, to determine if this is for me, I'm interested in pursuing a certification myself. So what I'm gonna do is I'm gonna answer this, like I'm brand new, like I'm coming out of a whole nother career. Which of the following best describes your current cyber security goals?
Okay. I would like to start in cyber security career, but unsure where to start. I'm currently working in it with security responsibilities. Okay. Nope. That's not us. I currently work in cyber security. Nope. I'm interested in specializing. Nope. I work in a note that's security role or a, it. I would like to demonstrate my knowledge of various risk frameworks, not what the hell I would I work for and pursuing cyber security job in the government, which or with contractor requirements, specific specifications, I work with healthcare industry in which to pursue cybersecurity.
Okay. This might be it right here. This might be it right. Let me see. I currently work in cybersecurity. Okay. This one, right? This one is for somebody going from healthcare industry. And this one is I would like to start cybersecurity career, but I'm sure where to start. Let's just get this one that's general enough.
Okay. Next one is saying, looking to start cyber security career, but unsure where to. , you're not alone. Many people are interested in cyber security, but they are unsure where to begin their journey. Okay. Select the option that describes you. I have worked in it. No, that's not me. I am a student studying computer science.
Nope. I would like to start cyber cybersecurity career, but have no or very little security or it experience. This is us. Okay. Now let's see if it says, get the hell outta here. This is not for you. Let's. Get certified in it. Okay. Lacking work experience is not a problem. Look at this. See, moncho this answers your question.
Lacking it. Lacking work experience is not a problem. The new certified and cybersecurity entry level certification is perfect for you. The certification is a pilot is a pilot form at this time, and it is an ideal next. For those interested in this field, like you learn more now this, I think this is where it's gonna ask me my name and social security number and firstborn child and all that kind of stuff.
Nope, it didn't okay. If I want more information, I'm gonna have to look at this free train. Look at this is what I'm talking about. Free training right here. Get free training for a limited time. Since this is new, they're trying to promote it by giving it to letting people use it for free. But it's, they're saying it's a $200 value.
That means it's probably gonna go up to $200 once day. And these courses are not cheap. All right. So if I want to download a breakdown of what's on the test and everything and how to train for it and everything you, I think this is where I would have to give them my email address and they put you on like a mailing list and stuff like this.
It's pretty unintrusive. You know how some of these mailing lists are very like aggressive. (ISC)²'s not like that. But anyway, you would sign this stuff and then it would give you a breakdown of what domains are on the test and. More details about the actual test itself. This is a really good, I'm really glad that they did this.
This is a really smart move. I really hope the certification does well. It really depends on how much traction it gets. And so that's why I think they're giving the training away for free. So moncho, I hope that answers your question about this one. It looks like if you have no experience at.
They're doing an entry level certification. They're trying to compete with CompTIA, cuz CompTIA is right now, the premier IT entry level certifications that you, that people are using. And it's the, if you get a help desk job, a lot of times they'll ask you, Hey, do you have A+ certification?
If you have no degree or whatever, or sometimes when you have a degree, it doesn't matter. They were like, Hey, do you have an A+ certificate? Cuz it's just that marketable. But now they're trying to compete with that, and then they're trying to get in that space where Google support IT certifications are starting to become real popular as well.
So now (ISC)², that's a really smart move, I think. All right guys, that's it for me. Thank you for listening. Thank you for watching. I really appreciate it. I'm gonna be restream this stuff on my podcast is on it's on pod beam dot convo courses. Now convo courses dot pod beam.com. If you happen to be watching me on YouTube it's there I'm live streaming it right now, but I'm gonna re-release it for those who might have missed this one.
And that's it. Thank you so much for listening. Thanks for your questions. Thanks for watching. I will talk to you guys later. Peace.
Thursday Sep 01, 2022
Checkout - http://convocourses.com
See the video of this podcast here: https://www.youtube.com/watch?v=0gA0vnflsUs
Join Discord: https://discord.gg/WE2QFFf7ct
Question: CyberSecurity Jobs in Mexico - Charles
"Hello,
I really enjoy your videos, I wanted to know if there are
any cyber security jobs in Mexico or if you can work
remote jobs while being in Mexico?"
We go through how to find IT jobs in Mexico using job aggregators that are popular there.
Wednesday Aug 31, 2022
Main topics:
Challenge of working remotely in other countries
The ATS style resume for IT and cybersecurity
For more check out: www.Convocourses.com
https://www.youtube.com/convocourses
fb: https://www.facebook.com/convocourses
https://www.tiktok.com/@convocourses
Amazon books: https://www.amazon.com/dp/B0B6PWGXJZ?searchxofy=true&binding=kindle_edition&ref_=dbs_s_aps_series_rwt_tkin&qid=1661986519&sr=8-1
Audible:
https://www.amazon.com/gp/product/B0B98WG2HX?notRedirectToSDP=1&ref_=dbs_m_mng_rwt_calw_taud_tkin&storeType=ebooks&qid=1661986519&sr=8-1
Welcome to convo courses. My name is Bruce, and this is gonna be kind of a different format podcast. If you happen to watch my old ones, normally I put 'em on YouTube immediately. Um, right now I'm kind of on the go and I'm in my hotel. But I'm able to knock out these podcasts and there's a couple things we're gonna talk about on this one.
And I'm trying to just help you guys out with everything that I've learned over the years, doing cyber security and doing specifically security compliance, um, and how to get into the cyber security and IT space, um, and, and things I've learned along the way I've been doing this for 20 years. Uh, I've been doing this since two, the year 2000.
I actually was in the military for eight years. Um, I, I ended where I was working as a physical security guy. I was a security forces member, protecting resources and assets, and then doing law enforcement, things like that. So I very familiar with security, physical security controls, but then I, I cross train into cyber security.
Well, actually I crossed into IT and we call it computer operators, but I did all things, uh, related to IT, including cyber security, where, and that's where I got into security compliance. So. What I'm gonna talk about in this one is gonna be, um, something I learned about resumes. I realized why my resume's been doing so well.
And it's because it's ATS or application tracking system compliant. Let me explain what that is. And, uh, kind of walk you through how to do it, and I'll try to be as audio as possible, knowing that some people only watch only listen to these, uh, podcasts. Uh, but that being said, if you happen to watch this on YouTube, then I'll have, uh, some examples for you as I'm talking through it.
Another thing I'm gonna talk about since I happened to be remote. Is working remotely and some of the pros and cons and, um, got some notes here, pros and cons of working remotely, some of the benefits of it and some of the countries that, uh, a lot of Americans are going to and why. All right, let's start off with the actual remote work.
I'm gonna take you guys here outside for a second here, outside of my room. It's gonna be a little bit of a change of audio. So just bear with me, but you'll still be able to hear me well, all right, here we go. All right. So I'm not able to do this live. Normally I do these, I do these live and, uh, um, but I, the.
It's not good enough here. And so that's one of the things I talked about in the previous videos and previous, um, podcasts where you, whenever you go to a place it's about noise. Pollution is a factor. Sometimes. Anyway, that being said, let's get into this. I want to show you guys where I'm at. So I'm at a resort here in Manila, Philippines, and I've been here for, I've been in the Philippines for about a month.
Uh, I've been off for about two. At the end of that, and I'm actually looking for a job right now, learn some new things about the job market, which we'll talk about. Okay. So what I'm looking at, if you happen to be watching and listening to this on audio is it's just a group of hotels with a bunch of pools below it's.
It's beautiful. It's kind of a rainy, kind of a rainy day here in Manila. There's a freeway that's not too far from here. That's what you can kind of hear that far away. There's an airport, not too far from here. And then you can hear. Below that are in a pool and stuff. So that's, that's where I'm at. I'm like on a balcony of a hotel resort, pretty nice.
It's called the urban residence, urban residence. Crazy that I've gone to so many hotels. I forgot the name of this place. And even, even those places. Nice. Anyway. Okay. Let's talk about the benefits of remote work. You hear a lot of people talking about remote work and you probably wondering, like, why did everybody talk about this?
Why is this so popular? Why is what's going on with it? Well, there's a few reasons and everybody has their own reasons, but I'm going to name some of the most popular that come to mind. One of the biggest ones is, uh, when you're working remotely, especially in other countries, is that it's cheaper to live in other countries.
A great example is Manila is one of the most popular places that Americans will go and move to and work from because it's just, it's just cheaper to live here. The food is cheaper. Uh, for us, um, the cost of living here for Filipinos is, is not great. There are problems here. I've been here long enough to see some of the, the frayed edges of, of a country.
And that's the thing. When you go to a country it's not all sunshine and rainbows, like you, you find there's issues in every country, just like in the us. So don't a lot of people just talk up on a country, but you gotta look at all sides of it whenever you travel. Anyway, one of the biggest benefits that Americans will come here in, in some other C.
That it's cheaper for us cheaper for us cost of living wise with food, much cheaper with your medical is much, much cheaper. It's cheaper to fly here or do medical, uh, and dental than it is to do it in the us. It's ridiculous in the us. It's cheaper for rentals are cheaper. Like these rentals here. Um, this, these are kind of an exception because these are, this is a private residence that are in a, a resort.
So this is gonna be a little bit more pricey. Um, but this, this place I. Which is, which is incredible, which has pools. It has has a clubhouse that right over there that, that dome looking building that donate, donate shaped dome looking building is a, is a clubhouse that has, it has food. It has amenities such as the gym.
It has all kinds of stuff there. And it's three levels, but this place I'm at is $45 a day for this resort. There's, there's like four pools here. There's an Olympic size swimming pool over there. This place is. It's it's, it's absolutely ridiculous. Um, not the best service I've had in the Philippines.
Philippines has some of the best service in the world. This place is kind of, so, so I don't know why it's the, management's not as way here, but this place is incredible. A place like this will run you probably $300 a day in the us. No joke, cuz this is like a five star resort. Um, here it's $45 and I found some of these places that you I'm looking at at hundreds of different.
Across from me and these units, some of 'em are only $27 a day. You could literally live here for $27 a day, $27 a day. It's like a thousand a month in a resort. Think about that. Living in a resort for thousand dollars a month or $30 a day. Yeah. About what, $30 a day. It's for 30 days, $900 a month. So that's still cheaper, like living in a place like this has a kitchen, it has internet, it has, uh, you know, um, Full bathroom.
Like you could, there's a laundry service downstairs. Like you could live here in this resort for $900 a month. There's a, there's a, uh, mall not too far from here. It's walking distance with a grocery store. Uh, everything you need is here and $900 a month, a place like this cost you $900 in the us. So that's one of the main reasons that people will travel and live in another place.
Some places that people consider besides. Would be that are cheap to live for us for American citizens is include Portugal, um, Thailand, Vietnam, Mexico, um, and Colombia. And there's a few other ones that are, that are comfortable for us to live and a Dominican Republic. That's another one comfortable for us to live much cheaper living standard and just your, your life is gonna be completely different there.
You. To really retire in some of these places. And this is 900 a month is, is, is crazy here. That's a crazy price. Um, you can get something that's not as doesn't have as many amenities for about $200 a month, $300 a month. A very, a pretty good place for about $300 a month. So, and then the food is, is cheaper.
It's uh, the transportation is fairly cheap. Um, here much, much cheaper than the us. It's all around. Like your whole living expense is gonna be different. So that said you don't need a hundred K job. You don't need a six figure job to live in a place like this. You have a six figure job here. You are living like a freaking king here, you know?
So that's one of the main reasons that people will go and live remotely. So, um, it's worth your time to look into everything's cheaper medical, uh, your dental, your food. Rentals your transportation, your whole living, your whole life is much, much, much cheaper in these countries that I named. Now, one thing you should know is that there's some countries that you probably can't go to, or don't necessarily want to go to, cuz you would not be able to work in an American or Canadian or some other countries going, you can't work from the following countries doing remote work.
I'm just gonna name a. Top of my head that are gonna be much, much harder for you to do remote from. And, uh, those, especially for American companies, cuz there's like an embargo. Anytime there's a country with an embargo, it's gonna be a lot harder for you to, to live there. And one of off the top of my head, one is Iran.
Um, Iran has some kind of sanctions, you know, and it's not that us American citizens agree with this stuff, but that's neither here nor there. If you're trying to work from. Cheaper location and you're trying to live there and stuff like that. It's just, you know, we are not necessarily the ones making the policies or controlling what's going on.
Right. So it it's fun. It's funny because the politically, we don't necessarily align with what the government is doing with the sanctions and stuff, but it it's a reality that we have to deal with. So one of those is Iran. Iran has all these sanctions. There's most American country companies that are paying you big money.
Will not be able to work from there. You can get there it's even gonna be hard for you to get there as an American. Another place is gonna be of course, uh, North Korea. obviously, it's funny because it's so obvious. It's so crazy. It's gotten, the relationship has been so bad between the us and North Korea.
They just did not even a question anymore. You go there, especially if you're ex-military or something you're gonna be end up in prison somehow, you know? So unless you're Dennis Rodman or something, I don't know. Um, it it's, it's just not a place that you're gonna be able to go. That that being said South Korea.
Um, it is probably a place you could live, but it's, it's a lot more expensive in South Korea. So, um, it it's, a lot of people don't go there because of that reason, unless they have family or friends or, or, or their family fiance or spouse, is there or something like that. Um, another place that you probably are gonna have some issues with is gonna be VE.
And it's just unfortunate, cuz it's such a beautiful place with beautiful people, beautiful culture and all that stuff. It's just sad. But Venezuela, I know people are going there but to work from there, um, cause the what's happening with the economy. Cause there's, you don't know like the, the embargo thing is kind of flaky with the us.
Every time there's a new president, they put some kind of stuff against Venezuela. Venezuela is probably not a place you could work remotely. Uh, another place is Cub. Another one that's really unfortunate because it's such a beautiful place. It's so amazing. It's so close. It just makes sense to live there.
And it's just like, because of all this stupid stuff going on between our governments, we as Americans gonna have a hard time getting in and out of there, especially if you're working from there on, on, uh, anything with any kind of government information, it's just gonna be harder for you to work there.
And then all this political stuff happening now with, with. Don't know if you've heard, but like Russia and, and some other countries that are going and, and making bases and stuff and having relationships with it's just gonna go outta control here real soon. So it's not a place I would recommend that you, even if you have the ability to do it, to work there for an American company and, and go there.
So those are the three that I was, I'm sure there's many other ones. Maybe I'll make another, uh, video where I explain some other countries that are, that are not good to go to, to work. Um, and, uh, that's, that's about it for those ones. Um, let me see if there's any other things I wanted to talk to you about with remote work.
I think that's it for remote work. I want to talk to you guys a little bit about something I've discovered something I was, I've been doing right for many, many years. I'm gonna actually change locations here so that we can get a better sound change up the ambiance a little bit. Okay. Here we go. Going inside.
Room
are you on? Okay, sorry. Uh, okay. Sorry. I, my partner's, uh, doing some work there, so I'm gonna stay in. I'm stay out here. oh, this is, uh, podcast. So that's what you get real life stuff going on. So anyway, um, I wanted to talk to you guys about ATS. So what I discovered is all these years I've been doing something very right with.
My resume. If you didn't know, whenever I put my resume out there, I market my resume. It does really, really well on LinkedIn, on dice, on monster and all the other job sites. It does really well. And the reason why I discover is cuz I keep it simple. It's just a plain, it's not fancy. It doesn't have tables.
It doesn't have pictures. It doesn't have anything, any kind of overlays, nothing like that. It's just a plain document. White paper, white. With my name on the top contact information, and then job exper work experience. It has, um, certifications. It has education. It has that's about it. It's pretty simple.
Like I think I recently added skills, but it's pretty basic. And I normally put it in .doc, turns out all that stuff is what you're supposed to do so that it is ATS compliant. Now, what is ATS? ATS? A application tracking software. It's basically like a database or software or a server that many Fortune 500 companies use to, uh, pull in the resumes and track, um, and, um, monitor and do analysis and do artificial intelligence analysis on resumes.
It pulls them in if it has the correct format. If, if the correct format is. It'll reject your it'll reject your, um, your applica your resume, right? And if you, you wanna know what I'm talking about, whenever you sign up for a job, think of this, have you noticed they always have you do an application? The reason why is cuz your resume is not compatible.
Normally people's resume is not compatible with the system that they, that company has internally. They have an internal database that pulls in all the information. It has. It has a database. Name, uh, where you've worked in the past, all your experience, your skills, your education, all that pulls, all that stuff in, and it compares you to other candidates and it, and once you're in their database, they have this big pool of people, um, that they can pull from and, and put into different positions.
And it allows 'em to put you quickly into those different positions and then call you con if you contact information's there, they'll contact you with via. Or via phone and say, Hey, Bruce, uh, we've got this position for you. Are you available on this day? We noticed that you have all the skills that we need for this position.
That is an ATS. It allows 'em to very quickly get you in their system. And if you have a resume, what they'll too, if your resume is right, is they'll pull all that information from LinkedIn or from dice or from monster or from other search sites. And. Put that into their database, just instantaneously, but that's only if your resume is out there in the correct format with all the correct information.
And that's why you have to fill out your complete profile. It has to be accurate and then upload your ATS compliant resume. That means a plain blank resume with the headers. All that stuff is in correct order. And one of the things that I noticed that my, my resume didn't get right, was the dates of work.
It's a work we're a little off, cuz there's a certain format that they want you to have in there. So ATS, uh, just having a simplified resume has helped me to get all these jobs and all these offers and all these opportunities over the years. And then now, recently I fine tuned it. I've I've gotten back into my resume, ripped it apart, rewrote it.
And now I'm like really getting into the weeds on the each one of the key words that they wanna see. And the format tightened it up. So it's perfect so that whenever they pull in those resumes, mine is gonna just come in and with no problems. So that is what ATS is. And, um, that is, that's something that that's really helped me out to get jobs and stuff.
Um, I would like to, at some point what I'm gonna do for you guys that watch me on YouTube is I'm gonna walk you through how I actually apply using my ATS. May, um, and how you can, um, maximize your opportunities, uh, to get these different jobs, high paying jobs, by the way, that's about it guys. Um, I'm got about three days left here.
I'm a little bit sad about it. Um, I've gotta go back into the workforce here real soon. , uh, it's been a great vacation here in Manila and I, I actually travel to, uh, different parts of the Philippines. Um, this Philippines, the reason why I come here so often is because it's been like a second home to me.
Um, I have over the years of these high paying jobs, I've been able to buy some condos here. Um, kind of got in early on some condos and, um, got some, uh, friends and family and stuff here. And that's, that's why I come here. And I know where things are, kind of have a better feel for this particular country.
Next country. I'm. To I've been here so many times. It's time for me to, to move to another place. I'm probably gonna go to like Indonesia. I'm gonna try that. At some point, I would like to go to Europe and, uh, countries in Africa. And, uh, those are things that are gonna be in the future for me. I would love to go there and, and visit.
But right now, this going to places, I know that I, that I'm familiar with that can go by myself and feel, and, and feel familiar enough to where I feel safe. So that's, that's why I. Year. And that's why I come here so often. Um, if I would, I get a job here, I noticed somebody asked me a question. They said, Hey, Bruce, like, would you get a, a job here?
And they said, Hey, I'm looking for a job in the Philippines. Could I do it? You totally could do it here. If I was doing that, I've got my kids and stuff are in the us. I'm not, I'm not doing it myself here. And it's a bit too crowded personally for me to live here. Uh, maybe in the far future, you know, and buy some.
Somewhere and then go live there or something, or have my spouse, by the way, you gotta be a Filipino citizen in order to buy land. Or anyway, what I would do if I wanted to get a job here is I would, first of all, tighten up my resume, right. Uh, tighten up my resume and I would look for either a job in Metro Manila or in Cebu I'd open myself up to those I'd look at all the job sites for Cebu and.
Metro Manila, cuz those are like the biggest cities here I'd apply for those jobs. Put my re, get my resume, right? Put it out there. And I noticed just kind of glancing at it that there's a lot of banks that need the kind of work that I provide. So I would apply for all of those, but my biggest play would be on remote work.
I would look for remote work in the us cuz it's a job. It's a hot job market right now for IT and cyber security. I would look for remote jobs. Would allow me to actually work from home and then I would fly here and work from here. That's what I would do. Um, if I was, if I was so inclined to actually work here and at one point I really considered it, I would actually consider bringing my kids here and like living here like three months out of a year or something like that, it didn't work out.
So now here I am by myself. Um, just enjoying my vacation here and. I think maybe in the future, what I'll do is I'll, uh, I'll look for some other country that I could live in. Uh, it probably won't be, like I said, Philippines, a little too crowded, but I'm looking, I'm kind of head hunting for, for different countries that I could live in.
Um, for a while. I like to like live in a country for like a year and, uh, and just to see how it, how it feels to actually be a resident of that country. So I would look for a. That will allow me to stay there for some time. And, but just off the top of my head, Portugal keeps coming up. Portugal is one that I would look into.
Um, maybe, maybe Thailand. I really love Thailand so much. Um, Indonesia's one. I want to check out. Those are what like that are, um, within my price range and I feel more comfortable in those places. Um, cuz I've been to Southeast Asia. So. Times that I kind of know what to expect. And then I would like to learn the language and stuff like that.
So I'd be pretty serious about it if I did do it. Um, I think that that's about it for this particular podcast. Guys, let me just, uh, end this on, uh, letting you get for those you, this is where I'm at. It's pretty nice. Um, got a few more days here. It's been great. Um, just enjoying the culture, enjoying the, the atmosphere and, uh, the humidity.
I love. Back in Colorado. We don't really have that. Um, it's, it's very, very dry mountainous and stuff, which is beautiful, has its own, you know, amazing beauty, but it's not the Philippines. You know what I mean? , we're not too far from the ocean here. Um, feels so amazing here. And, um, I'm gonna miss it once again.
I'm gonna miss this place and um, next time I'll gonna go to another country and hopefully I'll be able to do some podcast. There too. All right. Talk to you guys.
Monday Aug 29, 2022
I was in the Philippines from June to part of August.
We talk about:
Remote Working
Countries I have worked in
ITAR and the countries you cannot work in
the new book about NIST 800-53 controls: https://securitycompliance.thinkific.com/courses/rmf-isso-controls-audiobook
Hey guys, this is Bruce, and welcome to Convo Courses. I'm gonna be talking to you about my travels. I'm actually still abroad. I'm still in the Philippines and I'm actually going back home real soon. So you can expect regular podcasts like we've been doing before, but I wanted to go ahead and start doing these more often.
And I wanna start off by letting you guys know. I just released a few more products out there. So if you go to convocourses.com. I am writing a book about getting jobs in, um, in information technology and in cyber security and marketing those, uh, resumes that you put out, I'm gonna teach you how to create the resume from scratch and then how to promote the hell outta that resume.
So that is incoming. I'm doing that right now as we speak right in it. But if you want to get in early on this book, there it is right there. Uh, and that as soon as the. Is out I'll, I'll release it to you so you can actually pre-order it. Now I also am selling the audio version of the last two books that I wrote on my website, but you can also get 'em on audible as well.
And yeah. So speaking of that, The audible version of the NIST 800-53. If you prefer to use audible, if you have credits on audible, whatever, if you actually want to get a free trial on Audible, you can actually get this book for free on audible. So go ahead and check those things out and I'll be releasing a lot more and creating a lot more content for you guys.
But let's get into this one. I wanted to talk a little bit about this. And how you can do this. And just trying to tell you my experience. So you can get some idea of if, if, whether or not you actually wanna do this. I've first of all, I've been working remotely for, uh, past six years now, um, with different jobs.
Like I, this is my third, my last job was my third job that I did remotely. I worked for NASA remotely with a company, and then I, I worked, um, at Ball Aero. For a while remotely and, and then recently worked with Verizon remotely. And, um, there's a lot nowadays, there's a lot more remote jobs out there. So if you want the opportunity to actually do what I'm doing, it's much easier to do this now.
Um, my experience with remote work and remotely has been incredible. I've really enjoyed. Um, it's given me more time to spend with people who I love, um, I'm at home, so I can actually interact with them and figure out problems together with them and have more family time and things like that. Um, so those are the pros with it.
Some of the cons is if you have small kids, it's much harder to do remote work when you have small kids, or if you have somebody who's very needy it because it's hard to actually do your work with that. Um, and I've been in that situation where. Actually difficult. I had a remote job when my kids were really small and they, as soon as they see me, they wanna play, you know, so it wasn't the ideal, uh, situation when my kids were small, but now they're older, so they understand, Hey, dad's gotta work.
You know, and I have a, a place in my house where I can go and stuff like that. Um, another thing is that I have to actually have more discipline on stopping my work. Like you might think it. It is the opposite that you, it's hard to actually get to work for me. It's the opposite. It's hard to stop working.
I tend to just continuously work when I work from home and I gotta actually stop myself and have the discipline to say, okay, that's it. This project, the rest of this project and work till, wait till tomorrow. I'll I'll get to it then. Having that discipline is really important. Um, the self-discipline to actually not only do the work, but also stop yourself and have a schedule where you.
Force yourself to, um, not overwork. Um, so that that's some of the pros and cons of working remotely. Now, as far as what I'm doing now, what I'm doing right now is I'm actually in between jobs. I'm not working remotely, I'm working remotely on my own stuff, on my own business and I'm writing and stuff like that.
So you could include that as work remotely, but what we're talking about specifically is working for an employer. , you know, whether it's the government or private sector or whatever bank, whatever you're working for. Um, I'm not doing that right now. Right now. I'm abroad and I'm having a vacation and I do any work I'm doing is all, uh, business related.
But I, I have been here before in the Philippines and worked in other countries, Thailand and Vietnam and other countries worked actually working for an employer remote. and there are some challenges to this. If, if this is something that you, you aspire to do, there are some challenges that you should know about.
Um, number one I would say is just because your employer is allowing you, it, it, it has it on the dockets to work remotely. Doesn't mean they allow you to work in another. And what I mean by that is there's laws. There's rules. One is called ITAR, which will pro will restrict you from taking their laptop and their information outside of a country.
And in sometimes in some cases they have a policy where you can't even take the, their. Do equipment out of the state and they don't expect you to work outside of the state, but country is a lot more, um, happens a lot more often where they don't allow you to work outside of the state. I mean, I'm sorry, out of the country.
And, and in sometimes it's just, it's not that they don't want you to work outside of the country. It's more like there's certain countries they don't allow you to and you've gotta make sure whatever. you you've gotta use strategy. Like if you're trying to live in say the Philippines and you know, you want to get a USA job or a job in Canada or wherever the case may be, you know, this is what you wanna do.
You have to think about it. Um, will this job allow me to work in another country? Okay. What countries can I work in the way that I've done it? Is whenever I get into a company, right? I'm I'm looking at their rules. I'm looking at what are their rules for remote work? Do they even allow, is it flex time where they want you to come in?
Once a week or something, is there travel? Is there, I'm looking at all the avenues of what I can do and what kind of information that we're gonna be processing. Cause that's another important feature when you're first looking at a remote job, uh, because if they're doing classified or any kind of super sensitive information, uh, more than likely it's, you're not gonna even be able to leave the, the state or the area.
Uh, and you have to, it'll be flex work, meaning you'll work from home, but then they want you to come in the office. If you're doing some kind of sensitive, really, really sensitive information. So that's one thing. Another thing I'll look at is, is the environment. Um, some organizations, especially private organizations are a little bit more, um, open about remote work.
They'll actually have like the last place I worked. We had people working in Japan. Like we had one guy working in Japan, doing work on for our clients and stuff like that. And we had another person who was working overseas in South America, uh, who we had clients in South America. We had clients, we had people in Europe doing work with those clients.
We had people in Australia, we had people all over the world doing it. So the job lended itself to working internationally, cuz we had people who were actually working internationally. So that was that. Wasn't another thing I look at, like what's the environment. A lot of, uh, government jobs. They're very stable.
They allow remote work, but they're usually like flex jobs. They want you to still come in and stuff like that once a week or something. And then they have like a little bit of travel. So you gotta watch that private companies a little bit more flexible. So you wanna look at the environment. Um, so those are some of the things that I, that I normally look at when I'm trying to think about strategy of what do I want, what country do I want to live in, will this organization that I'm applying for allow that those are the things you gotta now, once you get in, let's say you get a remote job, you're there.
Um, it's a great job. They're paying you. Good. All that kind of stuff. Now you're like, Hmm, can I travel? Uh, Venezuela Brazil, wherever Cambodia, wherever it is. Can I go there now? It's a matter of their policy right now. You know, that they're remote and all that stuff. You know that they're, it's okay. Maybe to travel, uh, internationally.
They haven't restricted you from that. Um, you've got your VPN, you got your protection on your system, all that kind of stuff. Now you're like, okay, the next question should be what other. because some organizations will not allow you to go to certain countries and that's, it's tied to something called ITAR and it's I don't remember what the actual acronym is.
It's and let me actually, let me look it up while I'm talking to you, you gotta look at the actual policies because that is super important. Um, you don't want to get caught, uh, traveling to some country you're not actually supposed to go to. And the, the company is obligated not to go to those countries.
Like legally you're not supposed to here. It's called ITAR, International Traffic in Arms Regulations, like arms you're thinking like guns and stuff like that. But, um, they're also talking about certain technologies that are wrapped into this, uh, into this. That the government has certain things that they do not allow com US companies to go to certain countries.
The reason why is because they, that that country might steal their, the intellectual property of that organization. A good example of this would be, um, companies like Lockheed Martin, who. military, um, different military components. There's certain components that are proprietary and owned by the government.
That if it, you go to that other country and that country is spying or actively stealing anything on and off their network, uh, That's really bad encrypted or not they'll they can steal it and encrypted for later or something like that. Um, and that actually does happen quite a bit. Um, especially with the bigger countries, like China's doing that a lot.
And I, I don't doubt that US is doing that China and Russia is doing, they're doing all these major powers or doing that to one another. The point is though, from our perspective as workers, we just wanna make sure that we are. Gonna get caught, violating these laws and, and worse, uh, leak some information from clients and jeopardize our entire career based off some international, uh, incident, you know, like you don't want to be that guy it's just too risky.
So we talked a little bit about knowing the environment for that remote company, uh, knowing the policies is another thing that's huge and. um, also making sure you don't violate any kind of laws that that company has. And that's normally tied into the policies. Now, one of the things that I did at the last place I worked at was I just asked, I said, Hey, are there any, what can you send me the laws of travel?
Like I wanna, I'm trying to travel. I didn't even go into details of that. I just say, Hey, can you send me the laws I read 'em myself. I'm not gonna ask permission and then get denied. Right? I'm just gonna. and make sure I don't violate any major laws and then ask forgiveness. If they're like, Hey, you're you're in another time zone.
They won't even know I'm in another time zone, cuz I'm not gonna let them, I'm gonna be on the same. I'm not gonna violate any of their policies. I'm not gonna violate any kind of international laws are unit us national laws or anything like that. Um, so all of that stuff is good, but what I'll. is make sure that I don't violate their, you know, I'm still on Eastern standard time or whatever the timeframe is.
So they don't even know I'm gone. Like I, I even travel sometimes I'll take, leave enough to travel to that other country. And then on Monday, Tuesday, when I'm supposed to go back to work, I'm bright and early working my nine to five. You. So that's some of the stuff I do. Um, I'm, I'm risk averse. Um, I manage my risk very effectively when I'm working for, for an organization.
I do not violate their rules. I do not. I just feel like the risk is too great for me. And that's kind of the mindset that you should have. I've not I've yet to be in trouble for traveling or anything. They don't even know I'm gone. I'm I'm doing everything I'm supposed to do now. Another. That you should think about when you're travel, when you're doing remote work and you're traveling, even if it's a staycation in another state, nevermind another country.
One of the things you should keep in mind is there's a few things. You, you need a place that's quiet. Uh, like right now I'm in this room here. It's, it's very quiet. It's very, um, there. I, I don't hear a lot of noise going on outside, but I've been in some places, especially in Southeast Asia where the noise level is super loud.
Like I was in Vietnam, the noise level was so loud. Like it, it, privacy was fine. I could just go inside of my room or whatever and, and shut the door, lock the door, whatever. Right. And had encryption, all that kind of stuff. But man, the noise pollution outside was seeping into the room. So you wanna have a place where you.
it's closed. You have privacy because especially if you're dealing with secret in not secret information, if you're dealing with, um, sensitive information from a client like vulnerabilities or IPS, you have to have privacy and you're talking on the phone, right? I'll get to the encryption and all that kind of stuff in a second.
But I'm talking about privacy. Like you're on the phone talking to somebody, talking to your boss, talking to peers, talking to the client, the customer, whatever. And you might be talking about some sensitive information on the phone. So you want privacy, a room where it's not leaked the information not leaking out, but also that room gives you quiet where you can actually speak to them and, and have a conversation cuz conversation, you know, The communication is huge.
That's a big deal, uh, in cyber security. So you need a, a private space, the other thing, and that's pretty obvious, but the other thing is security. Um, whatever system you're on, you need to ha make sure you have firewalls in place, antivirus in place, and a VPN virtual private network either built in from the organization.
Preferably. So that it's their level of encryption and you don't have to worry about, uh, some private organization's encryption getting, getting compromised or something, which does happen by the way. Um, you you're using their VPN and, and all the information is protected on their system. And preferably it's encrypted when it's stored, not just when it's sent, like, normally we were thinking, oh, when I send this data on email or me.
It's encrypted end to end, whatever, blah, blah, blah. But also it needs to be stored, encrypted that way. If the laptop something happens, it gets stolen. God forbid, something like that happens, lost whatever. Even if they get the hard drive out, they pull the hard, the hard drive out the computer, and they're trying to get that information it's encrypted so that it's gonna be super hard for them to get that information.
So stored encrypt. Uh, data at rest encrypted data in transit encrypted. That's the level of security that you want if you're traveling, especially if you're traveling abroad. So we talked about privacy and being in a closed environment, but also the encrypt, the security of the actual system itself super important.
Um, those are some of the things you wanna really think. When, if you're talking about traveling abroad, because those things are super important. Another thing is if you do go out, um, you don't want to do your work in public areas. Like this seems obvious, but it's very tempting to be in these beautiful locations and do your work as a cybersecurity person, especially if you're signing, even if you're an administrator and you're signing into a server remotely.
Uh, you, you really gotta be mindful of your environment because you never know who's watching over your shoulder. You never know who's shoulder surfing. You never know who's, who's, uh, monitoring the traffic in, in the, in a public environment, cuz it's legal to do that, to monitor the traffic, any kind of data going, uh, in, on a wifi network and stuff.
Don't do that stuff in public at all. Forget about that. Don't do. So that's just some of the stuff I wanted to talk to you guys about. I mean, other than that, I could tell you about how my trip is going. Right, right now, let me see if I can set up some pictures and stuff. I could sh that I had set up here to show you guys of my trip here and how it's gone.
It's it's been going pretty good. I'm actually already in the works of doing, of getting back into work. Um, I've been doing some interviews here, and this is me, um, uh, with my partner here, we're just walking in this place called, uh, what is it called? Azure. I'm that's where I'm at right now. This is what you're seeing.
It's called Azure, um, Azure residence. It's got like a, a manmade beach area in a like five, three or four pools and, and, uh, it's right by a mall and stuff. It's just a. You know, this job in cybersecurity is very stressful. So right now I'm in between jobs in between work. And, um, I just decided to take some time before myself, before I go back to another job.
Um, one of the things that a lot of people don't talk about. um, they talk about how great it is to be in cyber security and they talk about, you know, but it, it, it's a very, it's a stressful job, especially if you're taking on. Um, if you're taking on very, if you're taking on a high level job, there's a reason why it's high level.
Right. Um, I was doing consulting for about three years and, um, it, it was, it was pretty stressful. Um, on top of that. I had some personal issues and you know, the show must go on. So I was doing, dealing my own personal issues and dealing with work and I have a side hustles and stuff. It just got too much.
And I decided to, to quit now, the job, they offered me a sabbatical. It's really hard to. High level, cyber security people. So they were trying to keep me, and I said, you know, I don't know if I return because I, this there's a lot of travel here. You know, there's a lot of travel and I don't know that my issues are gonna be resolved and I, it's not compatible with, with my new life situation.
So I told him. Opt it out. And they said, well, if you ever wanna come back, you know, just to let us know. And I said, you know, I, I told me, well, thank you. I appreciate the offering. But in my mind, I'm like, I don't think I'll be back because there's too much travel and stuff. I'm, I'm hoping that me telling you guys my situation maybe will help you, you know, and whatever endeavors you have, whatever you decide to do with your, with your life and your situation and stuff like that.
So you have an idea of how this stuff. uh, one of the great things about, about the position I've put myself in by marketing myself and continuously growing in this field is that I is that I, um, I always have job opportunities, so I I'm, I feel okay with this situation that I'm in right now, I was. Save up some, some cash and, um, and, um, I'm not worried about getting a job.
I, I, I know I can get one, so I'm not, I'm not stressed out right now. You know, I'm, I'm on my, my third or fourth interview and, um, and I'm okay because I have so many options and it's a, it is a great feeling to know. I have enough options to where, to where I, you know, I know I'm gonna get a job is just a matter of, of time.
And, and there's nothing for me to stress about. And that's just because I, I have, I've built up certain. I have certain certifications. I position myself with my experience. I'll have my resume constantly being marketed it's out there. So I have people contacting me on Monday through Friday, I'm doing interviews, doing screen.
And stuff like that. So that's kind of where I'm at. That's what I'm doing here. I got about four or five more days left, and then I'm going back, going back to, um, let me see if I could find another video for, for those people who are watching this video. Um, yeah, I'm going back to go back to work here real soon.
Um, am I excited about it? I've been doing this for 20 years. You know, my excitement for. For this is, is not what it used to be. You know what I mean? Like it would take a lot for me to be excited about a new position at this point in my career. Um, maybe I'll find something that I'm excited about. There's been a couple that I'm like, Hmm, this seems interesting.
There's been a couple, you know, that I'm like, I hope I get this job. And so I, yeah, there's, it depends on the job, but there's a couple positions. I'm like, oh man, I don't know if I want this. That happens from time to time. I know I can do it. I know I'm qualified for this job, but I'm, I'm like, damn, I don't know if I want this.
I don't know if I want it. So, uh, there's about three companies right now that I'm in the works that I might, that, um, that I might get one of, either one of these positions right here that. that I might get. I, I don't know yet, you know, but they're all risk management framework type positions. I've decided to get back into that.
I had a few options. I could probably go into either seeing technology or I can go into cyber security, uh, analyst work again, which was fun, but I kind of, kind of want to get back into my roots was just information system, security officer work. So that's kind of what I'm where I'm at right now and what I'm doing.
and, um, I should have a job I'm expecting to have something lined up by, by the time I, uh, get home, I should have something lined up. So probably when within another week I'll have something, um, something that I can do. But, like I said, I'm not even if it, if I can't get one within the next, I'm trying to find another video here while we're talking, even if I can't find another video within the next.
Um, so another video, even if I can't find another job within the next, um, Couple few weeks. I'll be, I'll be okay. You know? So the way I position myself, I'm, I'll be fine. Right. My me and my family will be fine. The, the one thing that, that really hit me hard is that seems have gotten much, much worse, has been the medical.
I, I don't have good medical insurance. So my insurance at my last job was really, really good. And now I'm like having to just. Use this second hand individual insurance that barely covers anything. And I am spending probably a, a, a cool $1,500 a month pull with everything and I have insurance. It's ridiculous.
I had no idea how broken this system is in the US. It's it's very broken. It's so bad that me coming here spending all the money. I. And getting medical insurance here getting medical coverage. And like my, I check in my eyes check and stuff. It's cheaper than me doing anything in the US. Um, it, it, it's, it's just sad.
Like what the state of the US is, um, situation is, is actually is it's quite, um, alarming how bad it is and, and there's no intention. There's no intention to do anything about it. So yeah, insurance is, is it's it's, it's a disaster, man. If there's anything that's driving me to get this job faster, it's that?
Because the I've got two kids and you know, they're in and out of, in and out of medical, you know how Calvin kids is. I don't know if you know, if you have kids, you know, I'm talking about it, stuff happens. So they're in and out of getting treat, getting checked out and stuff like that. So, and it's not cheap at all.
So, yeah, that's what I'm doing. Just kind of giving you guys an update on what's going on with me. Um, I'm doing right. Um, still helping as many people as I can, as far as getting work and stuff. Um, I'm gonna end this one here real soon. I'm gonna put out much more information on, on podcasts, much more podcasts.
I just have to set up the right site for it. I think maybe if I put 'em on the site that my, my normal blog site, maybe, I don't know. We'll figure it out. Thanks. Thanks for watching guys. Thanks for listening. I appreciate everybody. If you have any questions, comments, or concerns, please hit me up on YouTube.
Uh, comment, email me, whatever there are topics we can always cover, but I will catch you guys on the next one.
Sunday Aug 28, 2022
Sign up for free courses! http://convocourses.com
This is a live podcast from my travels in the Philippines. I answer some questions that I got on TikTok.
0:00 - Differences between NOC and SOC
10:40 - Go From NOC to a SOC
11:52 - How to Tailor Security Controls in NIST 800
24:36 - Certification should Match your Role
26:28 - Cybersecurity is about taking care of others
32:00 - Being Underpaid in information security
34:57 - Cybersecurity guys have crazy hustle
43:29 - Skills you gain as an ISSO
47:47 - When to Add Skills to Your Resume
53:18 - Asking for a raise as a cyber security
57:00 - information security and my remote opportunity
59:07 - cybersecurity tools and information security
01:02:49 - GRC tools xacta emass archer
01:06:16 - Helping cybersecurity people and risk assessments

Check us out here:
http://www.nist80037rmf.com/
http://instagram.com/convocourses
https://www.facebook.com/ConvoCourses...
https://www.linkedin.com/in/convocour...

Podcasts / downloadable mp3:
http://www.nist80037rmf.com/convocour...
https://podcasts.apple.com/us/podcast...
http://www.nist80037rmf.com/category/...

#convocourses #cybersecurity #isso #nistrmf #rmf #usajobs #itjobs