ConvoCourses

http://convocourses.com
 
from Oct 11, 2020

http://convocourses.com
check out the video: https://youtu.be/TGrw5yT6sSY
 
Hey guys, this is Bruce and welcome to combo course podcast. And today we're gonna be talking about a few things. One of the things I wanna talk to you guys about is process versus prize or system over goals. And this really applies to everything in life, but we're gonna specifically talk about cyber security.
Another thing I'm gonna show you as a new book I'm working on. It's not, it's gonna be out. I don't know, probably within the next month and a half, I gotta get it edited and all that kind of stuff. I'm actually still writing it, but it's gonna come out soon. So that's. Something we're talk about, then I'm gonna open it up to any kind of questions you have about getting into this space in cyber security.
And in the it, I got a lot of people contacting me about how to get in this field. That's growing really fast or how to upgrade themselves and all that kind of stuff. I've been doing this for over 20 years. I'm a subject matter expert specifically in cyber security compliance. That's, what I've been doing for most of this time that I've been in this space.
And so if you have any questions about that, how to get in it, how to, what to do like specific questions even I can answer 'em on this live. All right. Let's get into this. First of all, I want to tell you guys that I have a site called combo courses.com where I sell lots of stuff. A bunch of courses, also books, and a ton of stuff for free.
If you are interested.  So if you're interested in that, go check out convo courses.com. Like, I said, lots of free stuff. It's free to sign up lots of training downloadables if you happen to be in this space I'm constantly giving out free stuff. I'm trying to build a community. And that's why, if you have question, why I'm giving out anything for free, that's the reason why cuz I'm building a community I'm, thinking bigger.
I'm thinking about making a community that helps itself and Built one of these before in a whole different genre. And it, works really well. So that's what I'm doing. If you're interested in joining that community, join me on, YouTube. Join me on discord. Join me on TikTok. Join me everywhere.
Combo courses, just type to combo courses. You'll find us out there where have a growing community of people that's coming together to learn this to, level up together to, get more to, make that money really. That's what it comes down to for take take, care of our families and take care of ourselves.
Okay. So what I'm gonna talk to you today about the first topic of discussion will be about will be about process versus the prize. A lot of people contact me about trying to get to certifications or degrees and which ones should they get and all that kind of stuff.  and it's really the wrong question and I don't fault anybody for it.
Because I was, I had the same kind of questions when I first started. You should be focused more on the process and this, really goes on everything in life. Your focus should be not on the prize, not on how many likes you get, not on how many people are watching you, not on how many people or how many degrees you're gonna get or, courses or any one thing.
It should be on the process itself. And we're gonna specifically talk about cyber security, cuz that's my profession, but this really applies to anything in life. Let me specify what I mean by using this an example. Lately people have been asking me about the a plus comp Tia certification and how do you get it?
Where, do you get it from? How do you know all this kind of, what kind of job can you get if you actually do that, all that kind of all those kinds of questions and is there's nothing wrong going for that certification or any other certifications. Absolutely nothing wrong with that. And I would encourage you to get it if this is your first time getting in, into cyber security, into it in general it's a good thing to get.
But what I wanna say is that the most important thing that you should focus on is the process of learning this the common body of knowledge that goes into it. And the reason why I say that is because if you focus on the common body of knowledge, if you focus on actually learning what you have to do in to get that certification, to get that it certification.
If you focus on that,  you'll have all the knowledge that you need to go ahead and take the Google support it certification. You'll have the knowledge that you need to actually go ahead and take the in network plus certification. You'll, have all the knowledge you need to actually spend your, whole your, whole resume.
If you actually learn the stuff that's in the comp tier a plus certification, right? It's just one thing. If you focus if you focus on just that thing, just that one prize, you'll get that prize, and there's nothing wrong with that, but I'm telling you to focus on the whole orchard. I'm telling you to focus on the seeds.
That's gonna get you like not just one certification, not just a little bit of experience, but expand your whole horizon and get you way more knowledge, way more certification, way more experiences and, actually get more from the fruits of your labor. To do that. You gotta focus on the actual labor, not the prize.
The prize is cool. I'm not telling you like not to get it. I'm saying expand like what you are, what you're doing by focusing on the work, focusing on the process itself, of learning the process of learning all the curriculum that's in CompTIA. And let me give you a specific example of what I'm talking about.
Let's go to CompTIA. Let's we're gonna use CompTIA a plus certification as an example of what I'm talking about. This is my, this was my first certification and this is why I promoted so much because after I learned that certification, I knew enough about computers to where I could get in this field.
And I was working helped desk for a while and I learned enough about troubleshooting and all that kind of stuff to where it, was able to expand my entire career. Eventually get me to working, making six figures and being able to take all these vacations and all kinds of stuff. But here's the curriculum right here.
And if you're listening to me right now, it's, I'll read it. There's nine skills that you have to master to validate your CompTIA, a plus certification, hardware, operating systems, software troubleshooting, network troubleshooting mobile devices, virtualization, cloud operational procedures, these, all of these things.
And these section, if you actually buy the book, these are the sections, some of the sections that'll mainly be broken into. And of course, it'll go more detail in each one of these areas. If you actually learn this stuff and not just go ahead and take the test and pass, cuz that's, actually the easy part taking the test and passing it you can actually go.
and take a bunch of just retake the test over and over again. And eventually you'll pass the test. I'm telling you to study the common body of knowledge and know and understand what's actually happening. Do go beyond just taking the test, go beyond just taking the questions and passing the test, go into actually setting up a lab in your house, figuring out how to put all that stuff together, figuring out your own network, figuring out how firewalls, whole space firewalls work, how's that different from network, firewalls, learning, all that stuff by maybe even actually doing it in your own home.
Maybe actually helping your community out. If there's an opportunity for you to do that, actually getting hands on to where you literally understand it, building your own computer, things like that, to where you understand it. So fully that the comp Tia a plus certification, when you get it is not a big.
It's your first certification. So obviously you're gonna be patting yourself on the back, but what I'm saying is if you expand your base and you understand this stuff, like you really deeply understand it, you can go then and go take other certifications, entry level certifications, easily like a plus certifications, the natural next step in your evolution.
And then the next thing you could probably take is a com is a Google support it certification, which will probably be easy for you, cuz you have gone so deep in the rabbit hole for a plus certification. I'm telling you to learn the common body of knowledge and learn the process, put the, put that work in and that will give you all your other, everything else.
You'll get all kinds of other prizes, not just the certification, right? And you might even inspire you to go get a degree. If you choose to go that path, you don't have to, but you could the process over the prize. This is book I read. A really good book. I encourage you to go out and get it. It's called atomic habits and it's really, it's a really good book.
And he, one of the things he said in the book was don't focus on the goal, focus on the system, creating a system to get that goal. And that's what I'm talking about. So if you focus on the process, that'll get you to that certification. You can get a whole bunch of other certifications and experience. If you actually understand how to build computers, how to build a network, if you actually have a hands on that you can do in your house nowadays.
So that's what I'm trying to encourage you to do super important. The next question should be how do I, get developed a discipline to focus on the work rather than just the prize? Because it's easy to work, focus on the prize. Like you're thinking about, okay, if I make this $65,000 a year after I get the certification, or if I can, if I, maybe I focus on getting I'll be able to get six figures.
If I get this professional level certification, and now I'm not telling you not to get six figures, I'm not telling you not to get a professional level cert. I'm not telling you not to get agreed. None of that. I'm not telling you that's the fruits of your labor. What I'm trying to tell you is if you focus on the actual process, if you work, if you focus on the discipline in that process, you can have any damn thing you want.
And what happens, what I've noticed is what happens is like when you focus on that discipline in this career path, all the people who I know who, are at this super high echelon is super high level. All these guys are highly accomplished because that's exactly what they did. They're more focused on like actually knowing and understanding how to do this stuff.
and because of that, all these other certifications are within their grasp. They have all these other opportunities and all of these other success factors that come in because they actually know the material. So well, that's where I want you to focus on. If you focus on the discipline of doing the process, then everything else you'll not only have the certification, you'll have several other opportunities to take other certifications, cuz you'll understand it so effectively.
And then after a while you notice a plus certifications is not that big of a deal at all. You'll notice that the does any certification is not that big of a deal. One of the things that I've learned on this path of just having the discipline to to, really go deep in this and become a professional level, subject matter expert in this field is that.
whenever I go to a new organization, they're always pat me on the back. I get all these certifications. I get all these awards I should say. And and I'm not telling you that to like brag or anything like that, cuz it's not bragging rights for me. It's bragging rights is that I was able to take care of my family.
It's bragging rights is I was able to take my family to Hawaii. That was dope. I do this for my family. I do this for to do better than just survive. And for me that's the greatest reward that I could ever receive because of that. I don't care that some giant company gave me an award, gave me extra a little bit extra cash because I, accomplished something within their organization.
When you I'm focused on the process of allowing us to have a roof over our head and to eat good. That's what I'm focused on. The process that it takes to do that means me studying sometimes late at night means me waking up a little bit earlier. Sometimes means me putting in the work that I need to do beyond motivation.
Cuz sometimes I'm not motivated. Sometimes I'm sick to my stomach and I don't feel like doing nothing. And I don't feel like getting out of bed. I, all I wanna do is watch YouTube all day and watch stupid videos. That's why , but what do, but I know that the discipline has to take precedence over bad habits, so once you get that in your head, once you start to develop this muscle of just having the discipline to get outta bed and go stay up late or do other things you need to do to make these things work. It, changes everything in your whole life. And I'm not just talking about cyber security.
I'm talking about everything in your life. . If you focus on the process and the discipline that it takes to do that process, you can do anything you want to do in this life, but it takes motor. It takes discipline beyond motivation. Motivation's not enough. You gotta have the discipline to do it. And that, and cyber security is no different.
So that's all I want to say about that. It's just something that I noticed about my own life. Anything that I've done in my life that was successful, but it came because I had the discipline to put, I put in the discipline to do it. If you go out and the discipline takes you to another level because, if I fail a certification, you only fell.
If you quit, I'll just keep taking it until I pass it. That's what I'll do. I won't. I do. I will not quit. I'll just keep taking it until I pass it. Once you get that discipline in you, nothing is gonna stop you. You're just gonna keep doing it. Okay. Anyway, let me tell you guys about Couple things here.
So if you didn't know, my name is Bruce. I run a site called combo courses. I'm building a community of like-minded cyber security, people who wanna teach each other, learn from one another. I call it combo courses, cuz it's a conversation between me and the community between us, the, between the community and itself.
I'm, building a community. I've got 10,000 followers on YouTube. I've got a few followers on on Facebook. I've got a few followers on my Facebook group on, discord, on and starting to build a community on TikTok where we're just helping each other out, learning from one another and building up and that's the, ultimate goal to this whole.
If you're interested in learning more, you wanna follow me go to YouTube and then go to combo course type in combo courses. You'll find me there where I talk about all things related to cyber security. Talk about how to get into this field. I talk about how to do risk management framework, which is my specialty and, security compliance.
That's what I mainly focus on. If you're interested in getting more out of this, I've got a book out there. That's related to my actual specialty, which is risk management framework, where I talk about the security controls that go into N 800 risk management framework. I've got one that's foundational and I've got one that like foundational, meaning you don't have to know anything.
You just listen to the book. I got it on audio by the way. Or, you can read the book and and, learn a little bit more about that.  And it's so popular that people are literally copying my book like this dude copied my book and is selling it. He copied my book and selling it as his own anyway.
So it must be good if that's the case. I've got two books out there. I'm building more than just a book. I'm building a entire community. I'm building a a, an entire something where you can talk to me directly. You could talk to me directly and ask me specific questions about how to do this. And I think that's why a lot of people have been following, because I answer questions that they ask me.
So if you have any questions whatsoever, feel free to con to call up to email me, or you could actually ask me a question right now. If it's related to cyber security, I'll do my best to help you out. And, that goes for everybody in this community. I really appreciate all the people who've been following me.
I appreciate all the questions. I appreciate all the accolades, all the. Great comments that I've gotten on my book. It's, really been a great, a very rewarding thing to see people actually commenting and, leaving positive comments on my books and stuff. So that's really good. If you didn't know, go to amazon.com type in risk management framework or Bruce Brown.
You'll see my book there. And I also have a site called combo courses. I have a podcast I'm doing at least once a week. I've got I'm on YouTube doing combo courses. So follow me if you're interested in this kind of content, if you're interested in getting the it or a risk management framework then, follow me.
All right. And I'm gonna show you guys a glimpse of the book then I'm writing right now is how to improve your resume and, be able to get people to contact you. Cuz that's what I've been doing in the last few years. Reason why I've been able to get all these jobs quickly. Okay. Deru has a question on YouTube.
He says, Hey Bruce, what resources would you recommend for keeping in tune with the latest. And updates in cyber security. And I would say de truth. That's a good question. By the way, I would say that really depends on what categori category, sorry that you have in cyber security because there's many different cat cyber security is a huge category.
It's huge. Like it's a huge field. It's a huge umbrella. You've got everything from risk management framework to you've got cyber threat intelligence which, does threat hunting. You've got you've got Intel, which is considered a part of cyber security cyber Intel. You've got forensics, you've got all kinds of different branches of cyber security.
So it really depends on the branch. Now, if you want an overall of all cyber security, I could tell you, I could tell you some of my resources. And then what I'll do is I'll break it down into different genres of, cyber security, the ones that I know. All right. So first the first really good resource would probably be the CIS A's website.
CISA is a government site not, the actual certifications from Isak. I'm talking about csa.gov. And so CS a is cyber security infrastructure and security agency. This is one of the most one of the best resources. Let me just switch my camera here for TikTok, for those who wanna watch. So this is SI this isa.gov csa.gov.
And these guys are one of the best resources for things that are going on mostly to the whole United States, like federal government, state governments. If there's a huge hack, you'll see 'em here. Pop up here. You'll also see different vulnerabilities that come out like the big ones, different malware.
Like right now here they have 20, 21 top malware strains. And then they've got a blog here with the newsroom. Let's just go to, let's go to this one. This is dated August 31st, and this is SAFECOM publishes 2022 SAFECOM strategic plan. This is all like federal type stuff. So if you are in the federal space, this is one of your best resources.
Let me see what other resources are there? Other places you can go if you happen to be in vulnerability management are the people who like manage they manage let me see if I could switch. Oh, you switch it like that. Huh? Oh, that's cool. So messing around with TikTok , that's what I'm doing in the background.
So vulnerability management, that's people who take care of their organization's vulner patches, right? PA there's patches that are always coming in. And they have to update 'em. So one of the best resources for that is probably CVEs is a huge database of all the vulnerabilities that are popping up throughout the industry.
That's through a vendor it's all vendors. So it's not any one specific vendor that being said, vendor. If, you have say Microsoft patches, then the best resource is Microsoft for, their most recent vulnerabilities in how to fix 'em. And then if it, if you have a Cisco device, it's Cisco.
That's the best place for the most current things going on with Cisco. And if you have an apple product, same thing, like if you have a Macintosh, you go to the vendor, but this CVE site is really good because it has a huge database. That's constantly being updated to inform you of what is going on for vulnerabilities.
Let me see if I can find a really good breakdown of this. Let me see, where do you normally I find the individual CVEs from the, from Google. Let me see CVE resources. Okay. Just trying to find like a specific CBE that I could show you here. So yeah, CBEs are good for for, actual vulnerabilities and then there's Like I said different branches of cyber security.
So each branch has its own like group of resources. Government has C I S a everybody in a lot, everybody in the government goes to C S a site. And they have the most recent APTs advanced, persistent threats, most recent vulnerabilities, all that kind of stuff. What's what the government's doing.
Like what, where we should be focusing our energy. What it's, really good resource. And CVEs, this is like a huge database of, all the places you want to go for vulnerabilities. And I'm look, I'm still looking for the actual database  of the actual vulnerabilities. Let me just, okay. See CVE I'm on Google right now, typing in CVE.
Let me see a specific one would be iOS CBE for I iOS. They have a vulnerability data database that has every single vulnerability you could think of. So this one's for iOS 15.6 and at this is going straight to apple site for 15.6, a recent kernel update and web kit update that they have. And it's for CVE 2022 3, 2 8, 9 3.
You might be familiar with this one, but I'm gonna type that one into Google. And it goes straight to the CVE site that I was just on. And then it'll have a breakdown of, how it affects other things. So this is one of the best resources that I, was, we were using a lot in almost every place I've gone to.
We use the same thing, private sector and. Public sector uses this one. Now, if you're in the department of defense, let me show you like department. See, it really depends on where you're at, but department of defenses, best resources is called dissa. D I S a DISA do mail. Okay. So D the DISA mill website has some of the best resources as far as how to fix your system.
They have the STIGs the, security test security, technical implementation guides, one of the best resources on the internet even, the private sector uses it. That's how good it is, but this is a really good resource for department of defense and actual federal government. And it's so good.
Recently it's gotten so good that even, the private sector start using the STIGs. So yeah here, it is right here. Here's the news that they're always releasing different stuff. That's related to department of defense, mostly. But. Their STIGs are incredible. Their training is ridiculous. It's one of the best resources.
It really depends on what branch and what area of cyber security that you're going in. But so I, hope that answers your question de truth. Specifically, what area, if you tell me, what area of cyber security you're in, we could find like a really good resource for it. Okay. I've got a question or comment on, TikTok.
They say, Hey, hi, Bruce. How difficult is it to travel with a security clearance with, or without a job? This is a great question. Okay. The question is how difficult is it to travel with or without a security clearance? It's not difficult at all to travel with a security clearance. It just takes a little bit of research on your part.
It depends on the, on your clearance. So Deru thank you so much for that 19 bucks. I appreciate you. So let me, this is a really good, this is a great question. I'm glad, so glad you asked me this question. So let's answer this now. I'm speaking from a person who's had a public trust, which I have right now.
I've had a sec, a secret clearance, and I've had a Ts S E I clearance. And I've known people who have a higher clearance than me. And I could tell you there's there is a difference. Alright, how difficult is it to travel? It's not difficult. You can travel anywhere you want. However
I'll start from the highest and go to the lowest. Okay. So a friend of mine and I won't name names, I won't tell how, what kind of clearance he had. I'll just say it was a hi, his clearance was higher than sci this. If you wanna Google what that is, then just research it for yourself. Just go to Google and type in high clearances.
High top secret clearances. He had one of those. He had something above that, and this dude could barely talk about what he did. He was very guarded. He said that they tapped his phone. Like they knew where he was at all times. It's it is the most ridiculous thing I've ever heard. It's preposterous. I said I would never work for an agency that does that.
They openly told him, Hey, by the way, we are tracking you we know where you're going. Here's and then they told him there's places you cannot go. It's, there's places you couldn't. And then when he named the places, I thought he was gonna say oh, I can't go to obvious places. Like I can't go anywhere near Iran.
I can't go to there's certain places in some, countries in Africa, you can't go there's certain places in. But then he said he couldn't go to certain parts of the Philippines. I was like, what? There's certain parts of the Philippines. He couldn't go because there was terrorist activity there.
And I was shocked. I'm like, I never heard of nothing like that. I didn't for a second. I didn't even believe him. Then he started breaking it all down. Cuz there's like some kind of terrorist threat and some part of mening now I'm like, are you for real? And then there was, they even questioned people.
He talked to whenever he would go overseas. So they weren't. And then a lot of times they weren't saying you can't go, but if you go overseas, you gotta tell us where you're going. You gotta tell us who you're talking to. That's the kind of clearance he had. All right. I don't like, I don't know much about that.
I can just, all this is hearsay and bullshit. Okay. So do your own research on that one. I'm just telling you what this dude told me. Let me tell you about something. I know about the clearance. Like I had to tell top secret S sci I had a secret clearance and I had a, public sector. I'm gonna tell you about those three.
All right. So in my experience, number one, there's no, they're not restricting me to. To most countries, the countries that I'm restricted to go to are obvious, and most, Americans should not go to these places. North Korea. Don't go to North Korea. Just don't. If you wanna know why just Google it, just do your own research.
Don't go. It's just stupid. It's just dumb. Don't don't do it.  just don't especially if you used to be in the military, just don't do it. I don't, I just, anyway, I'm saying that because people have done it, you probably might be thinking like, why would nobody goes to North Korea?
People don't do it. Iran. Don't just, don't go. The us. And unfortunately it's unfortunate that our countries cuz it's a, it's an amazing place with amazing.  amazing human history is happening there. And it's a shame that our governments can't work things out to where human beings can't go to certain parts of the world.
To me, it's just dumb, but if you have a clearance yeah, they monitor that there's certain countries you really will lose your clearance over. There's certain places in there's certain countries in Africa that you can't go certain countries in Africa. Can't go, cuz there's too many. There's a list.
Normally when you go to an organization, they'll have a list of places that you, they recommend you do not go. And so when you're, when you have your clearance, you're at this organization, one of the first things you should do is figure out what those countries are and what the policy is for your organization that you're working for.
What policy do they have that says, okay, you cannot go to these places. And here's why, and the reason why that you can't is because of this thing called I a R. And so I a R is. Oh Lord. What is the acronym? I a it's like international. If you guys know what it is, please let me know. I can't remember off the top of my head.
I a R is international trade arms. It's okay. Here it is right here. International traffic, and arms regulations. It, doesn't like this, the name of it doesn't fit. What it does. That's why it's confusing because it's not just arms that they're tracking. It's like all kinds of techn technical goods and, certain technologies.
And I of understand why they do it because if you look at a country like China, China steals a lot of in an LA. This is not, cap. This is not conspiracy. This is real China. And other countries will steal certain technologies from us companies. They do this on a regular basis. It's a pretty smart move.
I think they steal your, their, I. They've done it to Google. They did it to Google's search algorithm. They did it to Cisco. They did it to they stole the, that what's that jet. Oh my gosh. The joint strike fighter, they stole all the, they've done it to multiple successful organizations.
And not just in the, to the United States. China's just one example. All countries do this, all countries do this to one another, they still intellectual property. And then they either implement it or do something in their own country so that they can get a leg up. But a lot of people do this to the United States cuz of the United States, regardless of weight, how you might.
About the United States. It has some of the greatest innovations on planet earth. And it's because we're living in some sort of golden age where all this stuff is coming out. Like eventually this is gonna die out. Eventually all the ideas are gonna shift to another part of the world, probably China or something.
But right now us is in this place where all these inventions are happening. Mostly from even TikTok, TikTok used to be vine. You know what I mean? Like this idea of TikTok was taken from vine. They looked at vine and said, wow, that's successful. And then they reengineered it, made it better. And, then absorbed musically.
And then now you have TikTok, vine started in the us and I don't know, like what's going on in the us. Why there's so much innovation, why there's so many, I think it's because the, in my mind I I know it sounds.  stupid conspiracy theory, but, or some kind of stupid faith patriotism, but it's because we're, there's freedom here.
There's freedom to think what you want and do what you and make mistakes. And that's why there's so many innovations here, I think. But if and if you, travel the world, like what's weird, what's crazy. When you travel, speaking of traveling, you see how much influence the us has on other countries.
You see how just going like Philippines. I was in the Philippines like last two weeks ago, three weeks ago. And everybody's wearing Fu boo shirts. Fu boo is a us brand from diamond. What's his face? Not yeah. Diamond that billionaire the, billionaire on on shark tank, that dude came up with that brand and that thing's all over the Philippines.
One of the most popular brands in the Philippines, you're walking through the mall and. I'm just saying like the influence that the us has is crazy. So one of the things that they, that country like different companies will have you do is Don not do not take our intellectual property to these countries.
They'll have a list. Don't go to those places. If you value your career, look at what their policy is and adhere to it, if they're saying, do not go to these countries, don't do it. So that's what I'll say about that. It doesn't. So to answer, go back to the question. went off on the tangent, the que original question from, to was how difficult is it to travel with the security clearance with, or without a job?
How difficult is it? It's not difficult. You can go wherever the hell you want. The problem is there's certain countries. If you go to go there, if you have a high enough clearance, you can lose your clearance. And they'll have a bunch of questions at the very least. They'll have a bunch of questions when you get back and they'll know where you went.
What you can do is before you go, is you tell them I'm going here and then they'll have a list of things that, that they will, that they'll say for you to do or not to do. Is it difficult? No. Can you go, yes. Can you jeopardize your job? Depends. If you, violated that, that organization's policies and yes, that you can lose not only your clearance, but your job as well.
So just keep that in mind. Somebody on TikTok said, Hey, yeah, they they're incredible at reverse engineering facts, Then in the Chinese, like in my mind, Chinese are the smartest human beings on earth. The Chi the Chinese are ha they're you say what you want, but man, they're in a they're I don't know, like it's so smart to steal.
Like this is the smartest thing. You can do steal a billion dollars worth of research, take it to your country. And then boom, you have by. You have WeChat, you have TikTok. How smart is that? That's brilliant. I am a lamp seeker says you might end up with a polygraph. Oh yeah. A polygraph test.
So one of the things that will happen is that you come back from your trip overseas and then they'll give you, you a polygraph test where they'll ask you a bunch of questions. Have you talked to any foreigners? Did, any foreign person come up to you and, ask you questions? This is just what I've heard from the, my, a friend of mine who has a high enough clearance to where they ask those kinds of que that's of what happens if you have a high enough clearance.
So do your own research. If you happen to be at an organization that has clearances and stuff, and you're dealing with sensitive information, look into their policies, look into I a R, which is international traffic in arms regulation.  It's, not as bad as you think norm normally it's gonna be obvious places that you shouldn't go anyway, as an American citizen, it's just, you're jeopardizing yourself.
know, I'm just being real with you. Don't, there's certain places you shouldn't go. If you want to know what that list is, you can probably go to they have a list of them on us embassy. The, state department has a list of places that they recommend. You don't go. If you have a clearance, you should probably listen to that list.
Especially if you have a high enough clearance. All right. Let me ask, answer another, read some more comments here. Deru thank you so much, sir, for that, that 20 bucks, I really appreciate you. It says, I appreciate all you do. Your courses have helped me tremendously to learn risk management framework for my everyday duties.
Thank you. And please keep up the great work and teaching people, man. Thank you Deru I really appreciate you, man. I appreciate this community. Thank you guys for watching me for all these years. Much appreciate it. All right. Let's keep going. I'm gonna answer a couple more questions. I'm not gonna be on here that long on this one.
Feel like I said what I needed to say, but if you guys have any questions, I'll stay as long as we have questions. Let me see I'm going on YouTube right now and answering some questions from there. Have a very lively, active community on YouTube. If you're interested in getting diving into this. But I have one, a couple comments on, TikTok says I agree with you.
you have to have some permission to go to some certain countries. You might get a polygraph. Wow. Yeah. He, this guy knows what he's talking about. So speaking back on, on this security clearance issue, not enough, really people really talk about this. And that's why I think I get so much traction on, YouTube and social media when I talk about this kind of stuff.
But he says he says, he, when I was, what I was saying is if you travel with a security clearance, you should get permission. The right thing to do is to talk to the organization. Okay. That's the safest and right thing for you to do. If you have a clearance, if you have anything I say above a secret, if you happen to work for, even if you don't have no clearance and you're working for a, an organization who deals with sensitive information, especially if you're trying to work from those countries, like you should really think about doing this, talk to the organization first and say, Hey, next month,  I'm going to Thailand next month.
I'm going to Indonesia. I'm going to Columbia, wherever the case may be. Just let 'em know. And what'll happen is because I've done this before the HR department will say here's a pamphlet of places. You shouldn't go in colo while you're in Columbia or you shit, you can't go to Cuba  you, can't go there.
Here's why. And you might not agree with it. You might think it's stupid and maybe it is. But the point is, if you try to go, you could lose your clearance and your job in certain places that you go to. And then he lamp seeker says they might do a polygraph test on you. Like when you get what he means is I think this is what he means.
This never happened to me. When you get back, they might ask you some questions and hook you up to a polygraph test to see if you're lying.  I'm not that's isn't that crazy? That's never happened to me, but a couple friends of mines that happened to that have a high enough clearance that, that happened to I'm like, wow, really?
Yeah. So just be mindful of that. You can go. But the right thing to do is to talk to your organization before you go and do your own research too, look at their policies, right? If you don't wanna say anything, you want your own privacy, whatever, do your own research, because they'll have a policy that tells you flat out, Hey, look at the HR departments travel.
They have a travel guide for you. Look at their read that thing, especially in the foreign country, foreign travel, read that, and they'll have a list of do not fly. Like you cannot go to these places. And here's why I a R whatever the case may be. Here's why you can't go. Or they'll say you can go there, but avoid these places, or you can go there, but.
Don't talk to you gotta avoid talking to just any random people coming up to you to asking you questions. And the reason why I say that is because one of the tactics that organizations from a foreign organizations will do is they'll have a casual, fine looking young lady. Come sit next to you at a bar and start asking you a bunch of questions and get real, real intimate with you and ask you a whole bunch of questions to get more and more information off you and try to date you.
If it's really serious, they'll date you like a damn spy and get even more information while they're dating you. Right now, you have a long distance relationship with a person who works for the CCP or something. If you think that this is crazy talk and spy talk, this actually happened to a couple Canadians, happens to Canadians and Americans.
You don't believe me. Look it. Like they work for the government or they work for a high level organization or just an organization. All these innovations they'll get really close to you. Then they'll start asking a bunch of questions. Just be careful. All right. Lamp seeker says, keep up what you're doing.
Thank you, sir. I appreciate that. It says even a secret that you have you have to get permission at least 30 days. Oh Oh. you're saying if you have a secret clearance. Okay. Okay. Listen to this. Here's some insider information right here. If you have a secret clearance, you have to get permission at least 30 days ahead, and some require 45 days or more.
So the right thing to do, and he says I'm an ISSO, but I was in industrial security for 15 years. Oh, here you go. Right here. So these guys put me on a game, like people like this is combo courses right here. This is what I'm. This is why I do this. People like this dude right here who come and educate me.
This is a great opportunity. A teaching moment. So I didn't know this. So listen to this. If you have a secret clearance, especially if you work in cyber security, right? Regardless it, if you could work in the hospital, sweeping floors, if you have a secret clearance, he's saying some organizations require you to let them know 30 to 45 days in advance.
And he's saying he's an ISSO, but he used to work in industrial security for 15 years. Industrial security are the guys who are really, deep into things like I a R really, deep into things like personnel security. So this guy knows what he's talking about. When one time I was doing it live and I was like, I don't know, I've never had a polygraph test and I don't know how it works and this dude just schooled me on it.
And I was able to, we were able to push that information out. So other people know information about a polygraph test. So I really appreciate that. Thank you, lamp seeker, great information. And he says, especially if you didn't get permission yeah. You gotta get, you should get permit. That's the right thing to do that's the right thing to do.
All right. Let me answer some questions on YouTube. And in Deru adds to that conversation, he says, always talk to the FSO of your company. And that's a correct me if I'm wrong, but facility security, officer functional security officer functional FSO is like a security person. Who, does secur personnel security.
Like they, they make sure that you, if you're gonna travel somewhere you're read up on any kind of issues that going on in that country. If there happen to be any things like that you, have to have situational awareness. You should know what you're just getting yourself into. If you do go to another country.
And that's something that I've been really good about, I travel quite a bit and I've been traveling even when I was in the military, I would travel. And you it's really important to know situational awareness. And let me just give you a couple stories, cuz I've been traveling since I've had up to top secret clearance and I've traveled extensively.
I've been to 15 different countries. And while I had clearances while I was working in the private public sector and I, know a little bit of something about this and I'm, gonna tell you a story. So when I I was in I used, I was stationed in, Korea. I was stationed in South Korea and this was in year 19.
I'm dating myself, but it was in 1,998  to, the year 2000  yeah I'm, a little older than I looked. Yeah, I was stationed there and I would just go off base. I would just roll. I would just roll off base. I was in Kusan and Osan that area. And I would I was actually in working in security.
I was a, I was physical security at the time. I was a security force member in the mil, in the military. That means I was military police as probably the thing. Everybody understand really. I was weapon specialist. I was high level security guard anyway, so I would just go on. I learned Korean onion, AHI come, Sony die.
I learned some Korean and then I'd get in the car. And the taxi, and then just go, and so the problem with that is that there's certain places in Korea that people don't really didn't at the time and probably same hated Americans at the time. There was a bunch of colleges that how colleges are, right.
There's just a lot of younger people and influenced by a, like a rebellious mindset. And they, it, bottom line is they hated Americans and they blamed the us for dividing the north and South Korea. And the reason why I know this for sure is cuz that's the red Eric. They were saying when they were out there protesting at the colleges and also that's what some of the gate guards, I would have to work with Korean.
The Royal the Republic of Korea army and air force, I would walk, I would talk to 'em. Some of 'em were really cool and taught me Korean and, I would talk to 'em about English and hip hop and stuff like that were really cool, but some of them hated me and they would not say three words to you.
And I would still talk to those guys and they would flat out telling me I don't like Americans and I'm.  and a little bit in Korean, why don't you like us? And they would tell me you guys divided the us government divided our country in half. And you guys are the reason why north and south are no longer speaking to one another it's you are the reason if you guys left, we'd be able to unite Korea and I'd be like, what?
I'm like, that's not what I was told, and I was like, then I thinking are both of us being fed propaganda for our go from our governments? I was just thinking about all this stuff long. Okay. Let me get back on track. So I'm off base and people are super cool with me. I'm some black dude in, South Korea in the middle of nowhere.
Nobody can speak English. I'm speaking, my broken ass Korean and people are super cool, but it's the older people who are. Younger people hated Americans. And so at certain places that you would go get back to base and I was cool, right? I just met a couple. I had this great experience in Korea and everything.
I was just like, happy but I get back to base and they said, Hey there was a dude who got killed. There was an army dude who was in the wrong place at the wrong time. And this mob of Koreans killed him because they were having a protest. And I don't know what this dude was thinking, but he was walking by college and this mob killed this dude.
And they were saying, do not go to these places. Here's the this area here, and this area here, if you are an American, do not go here, period, you are not allowed to go there. And they told us why they, killed more than one soldier who would happen to be near those. You might, they might have had a girlfriend there.
So I don't know, but these dudes were killed and I was like, damn. Luckily there were no not big colleges where I was at, but just situational awareness. You gotta know what's going on. So whenever you go off base, whenever maybe you have nothing to do with the military, you just traveling abroad or whatever, just know what's going on.
I'm not telling, I'm not trying to scare you from going abroad, man. You should definitely use leave the United States and go experience the world. Experience, humanity, experience other cultures, man, it's gonna open up your eyes to a whole different I'm different, man. I'm, I've been to several countries.
I've seen extreme poverty. I've seen extreme wealth. I've seen I know that the us lacks heavily in certain areas that we shouldn't lack in, but I know that we, that the us is so successful in or other areas. The U. The world is not what you think it's, way beyond what you believe or watch on TV or whatever.
Like you gotta go there though. I'm not trying to scare you into not going, but I'm just saying have situational awareness. One of the things that military taught me is you gotta know what's going on for your own safety and security. Read the news that's going on in that country at that time. See what's going on with that country.
I'll give you another story about situational awareness. Not too long ago, like maybe five years ago, I went to Thailand and I was in Thailand, me and my, wife at the time we were chilling. We had a great time. We I'd been there like four or five times or something. I've been there total four or five times love Thailand.
I've been to two different cities there and stuff. I just, the people are great, man. The the, monasteries I went to the monastery seen that sleeping monk. There's this giant like sleeping monk a sleeping Buddha ah, man, this is just amazing. I went to old Siam, which is now called a Utah. A beautiful place, man.
The people are so nice. I man, anybody who's never been there, man should try. It is check is so amazing, such an amazing place. Anyway, me and my wife at the time we were there, we're hanging out with chilling and we had a great time. We go to leave. We get on the plane and we're leaving. We are on the plane leaving.
And then as we are in the air as it's taken off, we learn that the, country just had a coup and they shut down the airport. So we, might have missed that coup by about 15 minutes, cuz we were already boarded and flying and they shut the airport down and nobody could leave. I had no idea this stuff was going on.
I was just there as a tourist. I didn't see any protests where I was at. I didn't see any of that stuff, but a little bit of situational awareness for me. Would've let me know. Hey, there's something going on?  I had no idea. And a lot of times, as a foreigner going to another country, you're totally clueless on this stuff.
Always have situational awareness, no matter what, whether you have a clearance or not, whether you work at a company that has sensitive information or not always know what's going on in that country, what's hot. What's going on, where not to go, where to go. You could find all this information on the internet a great resources would be the, embassy website.
They have, they usually like a breakdown of alerts and warnings of places and what's going on. They sometimes they're kidnapping Americans there. You know what I'm saying? Depending on where you go,  this certain, it's like any places you go it's if, somebody flew to the us, like the first thing you wanna know is like where, right?
So they could be going to Hawaii and having the time of their life, or they could be going to Detroit and about to get get got in certain places in Detroit, not saying all of Detroit's bad, but certain parts are not so good. Like you probably don't wanna go to Chicago O block on the south side, not a good look, not a good place to go.
And even people on O block in south Chicago will be like, no, don't come here. Do not, this is not a vacation spot.
all right. Let me see. Somebody said please, do you think that you can use that? I can use my PMP certification to get a job in cyber security cyber security space in the us. Are you not in the us right now? If you happen to be watching me right now, I got a question on TikTok. They're asking me do I think that they can use their PMP certification to get a job in the United States?
So it depend like you gotta gimme more information. Okay. So if you have a PMP, so first of all, congrat congratulations, PMP is an awesome certification. I know several Several cyber security. People who have a PMP who have a PMP who they got it because it's a lucrative certification. So congrats on that.
Can you get a job? Yes. The answer is yes. You, can if you're not in the United States, it's probably gonna take a little bit longer because you gotta have to get a remote job possibly I'm I don't know your situation, but the answer is yes, regardless of the situation, it might not be the job you want.
It might not be the money you want, but let me just let, I'm gonna demonstrate this to you right now live. Okay. What I'm gonna do is go to a common us website. It's called indeed in the us. You've got every country has top search engines that you gotta go to. If, you're trying to get a job in UK, the UK job search sites are not the same.
Are not gonna be the same as the ones in the United States are not gonna be same in India. Not gonna be the same and pick a country. They're all different. So the first, one of the first things you gotta do and whatever country you're going to is find out what are the top search engine. And I'm typing while I'm doing this.
What are the top search engines that I need to go to in order to find a job in the us? One of the top ones is called indeed.com, but there's several other ones in LinkedIn, monster.com, dice.com. Career builder.com, clearance jobs.com. Those are all us, but if you go to, if you were finding another country then it would be different.
Okay. So let me show you guys what I got going on here. If you happen to be watching me still on on TikTok or Facebook or YouTube, what I'm doing is I'm on indeed.com and I just typed in PMP certified. Project manager and, watch, let's see what results we get. I put fine jobs. You can do this on any search aggregator, by the way any, job search site.
So what you would probably wanna look at here, it depends on your situation. If you're not in the United States, you probably want to get this first one here. That's a remote position. And then look at the requirements. So they have qualification this one's 30 days old. So this is probably gone. See, one of the things you wanna do is search by posted date, but for now, like you probably wanna do it within 14 days, but for now, let's just look at this one as an example for, to get this, due a job.
So I, what I would do is I would go to indy.com, which was one of the top search engines in, this country. And we found one here is technical project support manager, and luckily project support PMP. Lends itself to remote positions. So that's why I say yes, you can find a job here. This is, this one has a salary of a hundred thousand a year.
That's pretty good. It's a full-time position. They require a bachelor's degree. In addition to your PMP, preferred bachelor's preferred. So you don't have to have one five years preferred. This is really good. If you happen, have a P and P you might wanna check this one out. If you don't make a hundred thousand, but I think this one might be gone because it's over 30 days already.
So let me actually, lemme switch the screen. So people on YouTube can see. All right. So what I'm reading, I'll read this. If you happen to be listening to me. So we already said that this stuff was preferred. Now let's get into the, if there's any caveats, meaning can you do this from another country?
So one of the questions I would ask if I was living in another country or abroad or something like that, or if I wanted to work remotely from a country like Bali not country in Indonesia in Bali. So I would wanna know do do they have restrictions on where I can work from that would be the next question.
So the answer is yes, you could find a job in the us is hot market. A lot of people say, oh, I can't find a job, man. It is booming, man. There's no problem in it. Finding jobs. Here's one right here. As a matter of fact, yeah, they got health plan. They probably have requirements cuz this is a government.
So government positions, just so you know, usually they'll say remote, but you have to be in the United States. And then another thing to look out for, if you happen to be not, if you're not a us citizen, another thing you probably wanna look out for is whether or not you have to be eligible for, a certain clearance security clearance, because eligibility means that you are a us citizen.
Or a naturalized citizen or something like that. So the answer is yes, you can get a PMP in the United States. You just have to look at the requirements of it and and, check out the site for that. And then the, other thing I didn't do on here is look at you. One of the things you have to do is look at jobs, posted and look at it from the last 14 days, rather than last 30 days.
Cuz it's gonna be a little bit different and look this one right, away. It says you have to be a us citizen or a car green card. This is exactly what I was talking about. This one's specifically saying you should have to be a green card holder or a green card holder. Let me show you here.
This is exactly what I was talking about. So yes, you can do it, but look, it is remote by the way, but they want you to have a PMP certification, but you have to be either a us citizen or a green car holder and they tell you right away. That's what you wanna look for. And then if they don't tell you on the job description, you have to do you, have to call 'em like call 'em and figure that out.
Hey, I want to know, can I work there? I'm living in another state. I'm living in another country. Is that a problem? Is there any travel whatsoever? Is it a problem that I'm not a green car holder? You got to ask 'em all these kinds of questions. PMP is an incredible certification by the way.
Really, good certification. A lot of technical guys, I know got one because it's it, pays like PMP actually pays, good money. Let me see it got some other questions here. I'll stick with Italy and Japan.  okay. Let me see here. I have some other YouTube questions. I'm gonna answer real quick.
If I can, did it just log me out. Oh man. Come on drew. Come on, dude. It just logged me out. Wow. I don't know why I did that. I can see myself live. Oh, wow. Okay. I don't know what's going on. I don't know why it logged me out, but I'm about at an hour. So I'm gonna cut this short here real quick.
Thank you guys so much for watching me. I really appreciate everybody who's watching. I re really appreciate my community. If you guys are interested in getting more, the show doesn't stop. You can always catch me on. You can email me. You can catch me on discord. You can catch me on TikTok. I'm always posting a new content, any kind of questions that you have, feel free to a ask me.
Most of my content comes from people asking questions. So I'll actually make a video about it. And if it's a really, good question that I'll be asked over and over again, I'll make an entire course out of it and spend weeks and months doing that. That's it for this one, guys. Thank you so much for watching.
Thank you for listening to me on podcast. If you guys didn't know, I have a podcast that I do regularly. That's another place you can catch this stream. It's on pod bean.com. Check that out or in Lincoln description below. 

Get links here:
https://securitycompliance.thinkific.com/courses/cybersecurity
https://www.whitehouse.gov/briefing-room/statements-releases/2022/07/21/fact-sheet-national-cyber-workforce-and-education-summit/
 
Two one and we are live. Okay. I've got some urgent stuff to let you guys know about. That's why I decided to just go ahead, go live. So I'm on live. This is a podcast combo course podcast. First of all, my name is Bruce and I do this once a week. At least lately. I've been doing these a little bit more and I wanted to tell you guys about this national cyber workforce and education summit that happened on July last month.
And it's a bunch of free training for entry level cyber security people. And I thought that this was important enough that I should let you guys know what's going on. So if you guys did know my name is Bruce, what I do is cyber security training and also help people to get into this career. If you're interested in this, follow me on YouTube, tons of free information, tons of free stuff out there.
All of this is not paid. I'm just trying to help people out. That's the name of the game for me? I'm good. My life is good. I'm just trying to help y'all other people out. And that's what this is all about. So what this is gonna be is a breakdown of some of the free training that's out there.
Right now. For you guys the, a couple of these things are really exciting. A couple of 'em are really amazing and let's just get right into this. All right. So this is all coming from a summit that happened.  so let me back up a little bit. So the white house is pushing some sort of initiative to fill a bunch of slots.
There's a huge shortage of cyber security people. There's something like seven over 700,000 cyber security positions that are open. And it's due to a lot of things it's due to people retiring it's due to  people getting out of this career path. And they just can't retain people and there's a huge need for cyber security.
So they put together this initiative to pull more people in teach people and they pulled in all these other organizations to do that. So you've got everything from the private sector to different departments within the department of defense that are promoting this.  and all of the stuff I'm about to tell you is coming directly from the white house dot coms white house, white house.gov.
I'm sorry, not white.com white house dot govs briefing that they did in July. So this is a bunch of free training, a bunch of job jobs and all kinds of opportunities. If you're interested.  like I said, a lot of this is free. Let's start off with department of labor and commerce. So department of labor and commerce is doing 120 day cyber security apprenticeship.
And this is already started. So if you are interested in this, you gotta go to this.  now you can either Google this right now, or you can go to combo courses.com where I have put all this slide deck with all of these links that I'm about to show you are on my site. So if you're interested in that, just go to combo courses, or you can just go to Google and type, and then Google what I'm saying, but if you're interested, you just go to convo courses.com and this is free to sign up and then you'll just download.
You'll download the slide deck from here, and then it'll have all of the, all the stuff that I put together on this thing. And alternatively, you can just type in national cyber workforce education summit, and then all the actual stuff is there minus the links, because I did extra research to get these.
All right. Let's start off with us department of labor and commerce. They have 120 day apprenticeship. So if you're trying to get your foot in the door with cyber security, this is one of the ways that you can do it. This is a golden opportunity. If you're actually an it person, you, or actually you might even be able to switch from another occupation to get into cyber security with an apprenticeship.
Yeah. So this is getting you actual experience.  Now you've gotta go to the site and register. They've so far have 714 registered apprenticeship programs and they're accepting people and for a little bit, so go ahead and sign up for that. This is a part of a huge initiative from the us government to actually get more people trained up and get people in these positions that they really need.
So that's, what's happening right now with this So that's the us department of commerce. And like I said, if you want this slide deck that I have, if you wanna see all this stuff, you can download this on combo courses.com. Actually, if you are watching me on YouTube, it's in the link in the description below.
If you are watching if you're listening to this on podcasts, go to combo courses.com. Look for Look for convo courses online. It's a bunch of free stuff that I post out there. Downloadables all my slides are there. Look for that slide deck. This slide deck that I'm showing right now, but let me, let's go to the next one other opportunities out there.
This is the apprenticeship apprenticeship.gov. If you happen to be following along type in apprent.  Apprentice ship.gov. And that'll show you the countdown of days. They're saying there's 77 days as of this recording and 14 hours left for people to sign up for this apprenticeship. If you're interested in getting into cyber security and being trained in the next 120 days with the department of labor and the department of commerce, that's where this is coming from.
All right. So let's keep going to the next. Next one. Okay. Now this one right here is incredible. If you happen to be watching, listening to me right now this is not gonna last. This is not gonna last. So ISC squared. Okay. Let me explain. This is really important. ISC squared are the guys who do one of the top.
They do the top cyber security certification known as CI S S P. So these are the CI S P. So they just recently released a new certification, an entry level cyber security certification called certified in cyber.  This is unprecedented because these are the top guys in the field. They're competing directly with security.
Plus with this one, what they're doing right now is they're giving this away for, they are given free training. This is a $200 training. This will not be free for long. This is a $200 training that you can take. I believe after you take the training, you can go ahead and take their test, here is the site right here. It's on ISE, two.org/certifications/cc. Or you can go to Google and type in certified in cyber security, ISC two, and then you'll find their certification this right here. Let me see if I got another slide on that. Yeah. They're saying. Okay. So first of all, this is the world's largest nonprofit association of certified cybersecurity professionals.
That's a fact. So they have the leading certification. In the world, which is the CI S P and they also have the the cap and several other large certifications, but those are probably the two top ones. This is huge. They are giving free training for this. And then you can go ahead and take this certification.
It's an entry level certification is brand new. Marketability. I'm not sure how marketable it is since it's totally new and people don't know what it is, but people will know what it is because ISC two is the biggest cyber security certification. The most world renowned cyber cert security certification organization in the world.
So if you get their certifications they have, they are just everybody respects 'em because they don't do shady stuff. Like some other organizations that I won't name. Okay. And I have certifications from them. Cert, I've got multiple certifications from them and I've been I get jobs very easily because of that.
Alright, so let's see. Let's keep going here. Okay, Accenture I don't know if I'm pronouncing this right, but they have a bunch of entry level professional certifications. If you are interested in that They here's the site right here. Here's what it looks like. But if you go to Accenture I believe it's accenture.com.
That's a C E N T U R E. For those who are listening on the podcast you'll see their entry level professional certifications. And they've because of this initiative, this push forward to actually advertise. Getting more people into cyber security. They said that they're committed to creating access to new roles in cyber security cloud and technical areas through apprenticeship and upscale programs.
So if you're interested in that, go ahead and check it out. Let's keep going here. We've got a ton of other ones. We've got an Institute for cyber security studies. These guys are offering. A bunch of training for executive education programs. If you're interested in that, I'll keep going. If you're interested in getting the links, I've got links to each one of these training courses.
So this is not necessarily entry level, this one's for executives and board of directors and stuff. So that doesn't really apply to the people I'm talking to. So let's keep going with this. Okay. So Auburn universities.  They have a program as well. That's has an in they're helping with this initiative to get more people into cyber security.
So you can check that one out. There's the link right there. If you're interested in that, go to combo courses.com and you can find that in in this slide deck that I'm showing right here, all of the links are there. There's lots and lots of details there. That's why I'm just gonna go ahead and give you the links and.
And find all this information that I'm showing you here, but this is where the link is at. You go to convo courses.com four slash courses, four slash cybersecurity, and you'll find it here. Alternatively, you can go to the actual site where all this stuff is at it, it won't have all my research.
I did extra research to show you like where all the news feeds are, where the actual sites are where where you can sign up for this stuff. You won't have that you'll have to do your own research, but if you go to if you go type, go to Google and type in national cyber workforce and education summit, you'll find everything that I'm talking about here.
That's where I got all this information from. Okay. Let's keep. We talked about ISE squared. We talked about Centura. We talked about a couple of universities. Let's keep going. Let's go to Cisco. So Cisco is also ha also has this initiative where they're pushing they're given a bunch of training to college and co colleges, including 107 historically black colleges and universities, the H HBCUs.
They're doing a huge push. Here's a, an image of their site. Trying to get more people into cyber security workforce, cuz as there's 700,000 vacancies in cyber and I can vouch for this I'm in this field and I'm telling you, they try to put four and five hats on us and we're having to do all this extra work cuz there's not enough people to do this work.
It's really a huge problem. And so there, I'm glad that. That they're actually trying to pull more people in, but now Ciscos in on it, they're trying to pull more people in. They're trying to get more education out there and get more people in the workforce. So let's keep going here. Comp Tia. So comp Tia has a partnership with connect wise.
And if you go to their site right now, if you go to their news feed, you'll see this right up top, where they're trying to get more people into this field by merging with ConnectWise and getting an it apprenticeship out there. Some of these things that I'm gonna show you by the way are in the works, they haven't actually started yet, but some of 'em are like already ongoing.
You can literally sign up right. And and apply for these and get into the apprenticeships. If this is, if I were you like, if the position that I'm seeing. Is, if you happen to be a help desk person, if you happen to be in a field where you do a little bit of tech, but you're trying to level up, this is actually perfect for you.
This is absolutely perfect for you. Now, if you happen to be in a completely other field, some of this may help you out the ISC two squared, I think is a huge one to, to try to do in these are entry level cyber securities thing. This is unprecedented. This is amazing. I'm glad that there.
This push for this field because it really needs it. But if you are brand new to cybersecurity, if you trying to get into this field, like people keep asking me over and over again on TikTok, on YouTube, on Instagram, everybody all over the place, trying to get from where they're at to cyber security. This right here, this certification, this ISE two squared certified in cybersecurity.
If you go to IC two square.org I actually it's is. two.org. You go there. You will see this assert a new certification called CC. And this is for entry level cyber security people. Let's keep going. Where were we let's see scrolling down, going to CompTIA. Okay. We just talked about CompTIA Lincoln description below.
If you happen to be watching me on YouTube, if you happen to be watching, listening to this on podcast a little bit later or live, then you can actually download all this stuff I'm talking about on my site com convo courses.com go to that site, and you will see that in in. What is it? Combo courses.com/courses/cybersecurity.
And then there's a downloadable that has all the links that I'm showing you here. It's called national cyber workforce and education summit. This is from all from a summit that happened on the, on July in July, just last month. All right, let's keep going. We already talked about compt. Image of the comp Tia newsroom.
If you go to comp tia.org and check out their press release, you will see exactly what I'm talking about here. So I just gave you several links that you can either go to Google and type it. You can go directly to the site such as comp tia.org, and look at the news feed and then find this find this right here.
This initiative, there's a push towards getting people apprenticeships with ConnectWise. Okay, let's keep going here. There's a couple other good ones here. I'm gonna just go straight to the good ones. You've got several organizations that are pushing towards this several universities as well, that are pumping lots of money and initiatives into getting more and more people into cyber security, such as Dakota state university they're highlighted.
90 million investment for cyber research and initiatives to support multi-party public private partnerships funding to get more people into cyber security and their goal is to get more people in cyber sciences over the next five years. Okay. So there's that initiative? IBM has a push towards getting is announcing that the education initiative.
That's gonna help the vet department of building and affairs. Couple of other organization and HB cus to provide no cost, zero cost stem training. For us military veterans, newer divergent learn learners and university students from underrepresented communities. So this is really impressive that they're actually reaching out and trying to pull more people in from all over the whole spectrum of the United States.
That's really cool. Okay. So Linox foundation had a good one as well. Now you gotta check this one out. This is one of the better ones. I don't know that I have many left that are as good as this one, but check this out. So Lennox foundation, they actually. And I think this is for a limited time only they have 15 hours of free software, secure software training programs.
Here is the link right here. If you wanna get that link, I already told you where the link is. If you happen to be watching me on YouTube, you can actually click the link. It'll take you directly to where you can download this slide, presentation that you're looking at right now that I'm describing on this podcast.
And you can download or get this, download this, and then click this link and it'll take you to this free. Developing secure software or alternatively go to Google. If you're lazy, go to Google type in Lenox foundations space, free secure software training, and I'm sure it'll lead you there, cuz this is active right now.
Look at this. This says enroll today. Cost zero. All of these are not gonna be zero for long, right? That's why I decided to do this live because. This stuff is limited. Like CC.  ISC two is limited. I don't think that course is gonna be free forever. And then this one develops secure software is not gonna be free forever.
It's gonna go up to 200 or 100. Whatever the price is gonna be on this thing. Okay. So let's see night dragon is also doing some initiative. I already checked on this one. This one's not out yet. I don't think they have announcements and stuff, but I didn't see, I seen where you can sign up for it.
I didn't see a place where it's actually active yet, but I could be wrong. So go ahead and check that one out. This one's active in power will offer skill development courses and free it training and credentials to military connected individuals, as well as young adults from underserved and underrepresented communities.
That means if you are from a socioeconomic poor place. Like myself, this is gonna help you out. So you can literally apply here. Here's a little bit more news here for it. If you are happen to be listening to me, just go to Google type in power.org. And you'll find it. You'll find that site.
And I think that's it. The last thing I wanted to talk to you guys about is Booz Allen Hamilton. Now, I don't know if this is in direct relation to the, this push to get more cyber security people in this, but. It's matching what we're talking about. And right here, it's just saying that Booz Allen Hamilton starts entry level cyber security staffers at $150,000.
This is entry  entry level, cyber security staffers, up to $150,000. Now, if you happen to be in it right now, if you happen to have a security. Hell. If you don't have any certifications and you happen to be an it person, this is something I would definitely look into. Now. I gave you some links here, or if you happen to be listened to me, go to Booz Allen Hamilton, just type in Google, go to Booz Allen Hamilton, go to their career section and put your resume right in their.
and then look for these cyber security jobs. I would just put your resume right in their site, because sometimes they'll reach out to you. If you do that. If, and if you happen to be watching this on YouTube, you can actually look in the link description below, sign up for free, and then go to Booz Allen Hamilton careers.
And the link is here. And then go ahead and sign up for this. That's all I wanted to say guys. That's it for this.  I just wanted to, this was urgent because some of these things are gonna expire soon. Like some of these free items are gonna actually expire soon. Like this Lennox foundations, this one's really, this is a good one.
If you happen to be into doing development of code and you want to jump into this this is absolutely free. And then the other one that I'm the most exciting one to me, cuz I know this is this. This could possibly compete directly with security plus, I don't know. It depends on they market it and stuff, but this certified and cyber security entry level secur cyber security certification.
This is, this has a potential to be really good to where they'll add it to things like the DODs 81 40. They could probably add it there and compete directly with the security plus, we'll see how this goes, but I would, if it's free it's right now, it's free. Go to ISC two.org and look for this certification.
It's called a CC certification. I would go ahead and try it. If you're entry level. All right, I'm gonna take a few questions and then I'm gonna end this thing. I just wanted to, that was the main thing I wanted to talk about. So if you have any questions on I've got some, I might have some questions on TikTok or have some questions on YouTube.
Let me see. I've got one question here. Let me see. Moncho says we will need to know basic it will we need to know basic it. Cover a plus or can anyone just go in it and get training and learn? This is actually a really good question. So it depends on the thing that I have, all this lists I'm seeing here, there's a couple that are completely like, you can come in cold.
Yeah. This one right here. So this one right here is  fast pace free. This one's designed specifically for people who are just, who are absolutely brand new. Let's check it out. Let's check it out. I don't wanna lie to you. So I'm gonna go to ISD two square live, and we're gonna, we're gonna go through this one together.
And for those who are just listening, I'll explain what we're looking at. So mantra asked me if this ISE two square. CC certification is for anyone like, can somebody who's coming in from nursing. Could they actually jump into this one and just start, let's see, they said it's entry level.
So that's what they're, it's not only entry level, but it's tailored towards people who are brand new in this thing. So let me see. So right now I'm on the SC ISC two.org certification CC site. So that's what we're looking at. And we're looking through it. Let's see introduc introducing the ultimate starting point for an, let me see for an exciting career certified in cyber security.
So they're doing their little. Spiel here to get us to get in here, take the first step in reward in a rewarding career to get your, and get your certified cyber security for ISC two square. The world's leading cyber security. Okay. They're promoting themselves. Let's get to the meat of this. Like what does the candidate need becoming an ISC two candidate.
Did you know that you can now join ISC two squared and become fully certified? Okay. Now we know we. We have recently launched a candidate. Okay. Which allows anyone studying for a certification or interested in a career in cyber security to join association. So this doesn't have any prerequisites. It looks like to me, that's what it looks like to me.
So qualifi, a qualifications, Pathfinder. Okay. Here it is right here. Unsure. If CC is right for you. Let's.  let's see, we're gonna look at their Pathfinder that basically breaks down the path that they expect you to have to get this to get this. Let's see what is the best cyber security qualifications for you?
Anyone cyber security journey or career journey is everyone's cyber ski. If I could read  is. And it could, it can be difficult to navigate through all the certifications opportunities which, okay. So you're still not telling me they want us to sign up. I bet. Okay. Pathfinder, we make it easy to discover.
You should go to the site yourself. If you're interested in this, you should go to as follow along with me, ISC two.org/certifications slash. Qualification Pathfinder right now they say, start your journey. And I believe they're gonna take me to a form. Okay. Nope. All right. Let's see. Are you interested in pursuing a cyber security certification for your team?
It's asking me some interactive questions to see, to determine if this is for me, I'm interested in pursuing a certification myself. So what I'm gonna do is I'm gonna answer this, like I'm brand new, like I'm coming out of a whole nother career. Which of the following best describes your current cyber security goals?
Okay. I would like to start in cyber security career, but unsure where to start. I'm currently working in it with security responsibilities. Okay. Nope. That's not us. I currently work in cyber security. Nope. I'm interested in specializing. Nope. I work in a note that's security role or a, it. I would like to demonstrate my knowledge of various risk frameworks, not what the hell  I would I work for and pursuing cyber security job in the government, which or with contractor requirements, specific specifications, I work with healthcare industry in which to pursue cybersecurity.
Okay. This might be it right here. This might be it right. Let me see. I currently work in cybersecurity. Okay. This one, right? This one is for somebody going from healthcare industry. And this one is I would like to start cybersecurity career, but I'm sure where to start. Let's just get this one that's general enough.
Okay. Next one is saying, looking to start cyber security career, but unsure where to. , you're not alone. Many people are interested in cyber security, but they are unsure where to begin their journey. Okay. Select the option that describes you. I have worked in it. No, that's not me. I am a student studying computer science.
Nope. I would like to start cyber cybersecurity career, but have no or very little security or it experience. This is us. Okay. Now let's see if it says, get the hell outta here. This is not for you. Let's. Get certified in it. Okay. Lacking work experience is not a problem. Look at this. See, moncho this answers your question.
Lacking it. Lacking work experience is not a problem. The new certified and cybersecurity entry level certification is perfect for you. The certification is a pilot is a pilot form at this time, and it is an ideal next. For those interested in this field, like you learn more now this, I think this is where it's gonna ask me my name and social security number and firstborn child and all that kind of stuff.
Nope, it didn't okay. If I want more information, I'm gonna have to look at this free train. Look at this is what I'm talking about. Free training right here. Get free training for a limited time. Since this is new, they're trying to promote it by giving it to letting people use it for free. But it's, they're saying it's a $200 value.
That means it's probably gonna go up to $200 once day. And these courses are not cheap. All right. So if I want to download a breakdown of what's on the test and everything and how to train for it and everything you, I think this is where I would have to give them my email address and they put you on like a mailing list and stuff like this.
It's pretty in unintrusive. You know how some of these mailing lists are very like aggressive. I see two squares, not like that. But anyway, you would sign this stuff and then it would give you a breakdown of what domains are on the test and. More details about the actual test itself. This is a really good, I'm really glad that they did this.
This is a really smart move. I really hope the certification does well. It really depends on how much traction it gets. And so that's why I think they're giving the training away for free. So moncho, I hope that answers your question about this one. It looks like if you have no experience at.
They're doing an entry level certification. They're trying to compete with comp Tia, cuz comp Tia is right now, the premier it entry level certifications that you, that people are using. And it's the, if you get a help desk job, a lot of times they'll ask you, Hey, do you have a plus certification?
If you have no degree or whatever, or sometimes when you have a degree, it doesn't matter. They were like, Hey, do you have an a plus certificate? Cuz it's just that marketable. But now they're trying to compete with that.  and then they're trying to get in that space where Google support it. Certifications are starting to become real popular as well.
So now ISE two, that's a really smart move, I think. All right guys, that's it for me. Thank you for listening. Thank you for watching. I really appreciate it. I'm gonna be restream this stuff on my podcast is on it's on pod beam dot convo courses. Now convo courses dot pod beam.com. If you happen to be li watching me on YouTube it's there I'm live streaming it right now, but I'm gonna re-release it for those who might have missed this one.
And that's it. Thank you so much for listening. Thanks for your questions. Thanks for watching. I will talk to you guys later. Pace.

Checkout - http://convocourses.com
 
See the video of this podcast here: https://www.youtube.com/watch?v=0gA0vnflsUs
 
Join DiscOrd: https://discord.gg/WE2QFFf7ct
 
Question: CyberSecurity Jobs in Mexico - Charles
"Hello, 
I really enjoy your videos, I wanted to know if there are 
any cyber security jobs in Mexico or if you can work
remote jobs while being in Mexico?"
 
We go through how to find IT jobs in Mexico using job aggregators that are popular there. 
 
 
 
 
 
 

Main topics:
Challenge of working remotely in other countries
The ATS style resume for IT and cybersecurity
 
For more check out: www.Convocourses.com
https://www.youtube.com/convocourses
fb: https://www.facebook.com/convocourses
https://www.tiktok.com/@convocourses
Amazon books: https://www.amazon.com/dp/B0B6PWGXJZ?searchxofy=true&binding=kindle_edition&ref_=dbs_s_aps_series_rwt_tkin&qid=1661986519&sr=8-1
 
Audible:
https://www.amazon.com/gp/product/B0B98WG2HX?notRedirectToSDP=1&ref_=dbs_m_mng_rwt_calw_taud_tkin&storeType=ebooks&qid=1661986519&sr=8-1
 
Welcome to convo courses. My name is Bruce, and this is gonna be kind of a different format podcast. If you happen to watch my old ones, normally I put 'em on YouTube immediately. Um, right now I'm kind of on the go and I'm in my hotel. But I'm able to knock out these podcasts and there's a couple things we're gonna talk about on this one.
And I'm trying to just help you guys out with everything that I've learned over the years, doing cyber security and doing specifically security compliance, um, and how to get into the cyber security and it space.  um, and, and things I've learned along the way I've been doing this for 20 years. Uh, I've been doing this since two, the year 2000.
I actually was in the military for eight years. Um, I, I ended where I was working as a physical security guy. I was a security forces member, protecting resources and assets, and then doing law enforcement, things like that. So I very familiar with security, physical security controls, but then I, I cross train into cyber security.
Well, actually I crossed into it and we call it computer operators, but I did all things, uh, related to it, including cyber security, where, and that's where I got into security compliance. So. What I'm gonna talk about in this one is gonna be, um, something I learned about resumes. I realized why my resume's been doing so well.
And it's because it's ATS or application tracking system compliant. Let explain what that is. And, uh, kind of walk you through how to do it, and I'll try to be as audio as possible, knowing that some people only watch only listen to these, uh, podcasts. Uh, but that being said, if you happen to watch this on YouTube, then I'll have, uh, some examples for you as I'm talking through it.
Another thing I'm gonna talk about since I happened to be remote. Is working remotely and some of the pros and cons and, um, got some notes here, pros and cons of working remotely, some of the benefits of it and some of the countries that, uh, a lot of Americans are going to and why. All right, let's start off with the actual remote work.
I'm gonna take you guys here outside for a second here, outside of my room. It's gonna be a little bit of a change of audio. So just bear with me, but you'll still be able to hear me well, all right, here we go. All right. So I'm not able to do this live. Normally I do these, I do these live and, uh, um, but I, the.
It's not good enough here. And so that's one of the things I talked about in the previous videos and previous, um, podcasts where you, whenever you go to a place it's about noise. Pollution is a factor. Sometimes. Anyway, that being said, let's get into this. I want to show you guys where I'm at. So I'm at a resort here in Manila, Philippines, and I've been here for, I've been in the Philippines for about a month.
Uh, I've been off for about two. At the end of that, and I'm actually looking for a job right now, learn some new things about the job market, which we'll talk about. Okay. So what I'm looking at, if you happen to be watching and listening to this on audio is it's just a group of hotels with a bunch of pools below it's.
It's beautiful. It's kind of a rainy, kind of a rainy day here in Manila. There's a freeway that's not too far from here. That's what you can kind of hear that far away. There's an airport, not too far from here. And then you can hear. Below that are in a pool and stuff. So that's, that's where I'm at. I'm like on a balcony of a hotel resort, pretty nice.
It's called the urban residence, urban residence. Crazy that I've gone to so many hotels. I forgot the name of this place. And even, even those places. Nice. Anyway. Okay. Let's talk about the benefits of remote work. You hear a lot of people talking about remote work and you probably wondering, like, why did everybody talk about this?
Why is this so popular? Why is what's going on with it? Well, there's a few reasons and everybody has their own reasons, but I'm going to name some of the most popular that come to mind. One of the biggest ones is, uh, when you're working remotely, especially in other countries, is that it's cheaper to live in other countries.
A great example is Manila is one of the most popular places that Americans will go and move to and work from because it's just, it's just cheaper to live here. The food is cheaper. Uh, for us, um, the cost of living here for Filipinos is, is not great. There are problems here. I've been here long enough to see some of the, the freight edges of, of a country.
And that's the thing. When you go to a country it's not all sunshine and rainbows, like you, you find there's issues in every country, just like in the us. So don't a lot of people just talk up on a country, but you gotta look at all sides of it whenever you travel. Anyway, one of the biggest benefits that Americans will come here in, in some other C.
That it's cheaper for us cheaper for us cost of living wise with food, much cheaper with your medical is much, much cheaper. It's cheaper to fly here or do medical, uh, and dental than it is to do it in the us. It's ridiculous in the us. It's cheaper for rentals are cheaper. Like these rentals here. Um, this, these are kind of an exception because these are, this is a private residence that are in a, a resort.
So this is gonna be a little bit more pricey. Um, but this, this place I. Which is, which is incredible, which has pools. It has has a clubhouse that right over there that, that dome looking building that donate, donate shaped dome looking building is a, is a clubhouse that has, it has food. It has amenities such as the gym.
It has all kinds of stuff there. And it's three levels, but this place I'm at is $45 a day for this resort. There's, there's like four pools here. There's an Olympic size swimming pool over there. This place is. It's it's, it's absolutely ridiculous. Um, not the best service I've had in the Philippines.
Philippines has some of the best service in the world. This place is kind of, so, so I don't know why it's the, management's not as way here, but this place is incredible. A place like this will run you probably $300 a day in the us. No joke, cuz this is like a five star resort. Um, here it's $45 and I found some of these places that you I'm looking at at hundreds of different.
Across from me and these units, some of 'em are only $27 a day. You could literally live here for $27 a day, $27 a day. It's like a thousand a month in a resort. Think about that. Living in a resort for thousand dollars a month or $30 a day. Yeah. About what, $30 a day. It's for 30 days, $900 a month. So that's still cheaper, like living in a place like this has a kitchen, it has internet, it has, uh, you know, um, Full bathroom.
Like you could, there's a laundry service downstairs. Like you could live here in this resort for $900 a month. There's a, there's a, uh, mall not too far from here. It's walking distance with a grocery store. Uh, everything you need is here and $900 a month, a place like this cost you $900 in the us. So that's one of the main reasons that people will travel and live in another place.
Some places that people consider besides. Would be that are cheap to live for us for American citizens is include Portugal, um, Thailand, Vietnam, Mexico, um, and Columbia. And there's a few other ones that are, that are comfortable for us to live and a Dominican Republic. That's another one comfortable for us to live much cheaper living standard and just your, your life is gonna be completely different there.
You. To really retire in some of these places. And this is 900 a month is, is, is crazy here. That's a crazy price. Um, you can get something that's not as doesn't have as many amenities for about $200 a month, $300 a month. A very, a pretty good place for about $300 a month. So, and then the food is, is cheaper.
It's uh, the transportation is fairly cheap. Um, here much, much cheaper than the us. It's all around. Like your whole living expense is gonna be different. So that said you don't need a hundred K job. You don't need a six figure job to live in a place like this. You have a six figure job here. You are living like a freaking king here, you know?
So that's one of the main reasons that people will go and live remotely. So, um, it's worth your time to look into everything's cheaper medical, uh, your dental, your food. Rentals your transportation, your whole living, your whole life is much, much, much cheaper in these countries that I named. Now, one thing you should know is that there's some countries that you probably sh can't go to, or don't necessarily want to go to, cuz you would not be able to work in an American or Canadian or some other countries going, you can't work from the following countries doing remote work.
I'm just gonna name a. Top of my head that are gonna be much, much harder for you to do remote from. And, uh, those, especially for American companies, cuz there's like an embargo. Anytime there's a country with an embargo, it's gonna be a lot harder for you to, to live there. And one of off the top of my head, one is Iran.
Um, Iran has some kind of sanctions, you know, and it's not that us American citizens agree with this stuff, but that's neither here nor there. If you're trying to work from. Cheaper location and you're trying to live there and stuff like that. It's just, you know, we are not necessarily the ones making the policies or controlling what's going on.
Right. So it it's fun. It's funny because the politically, we don't necessarily align with what the government is doing with the sanctions and stuff, but it it's a reality that we have to deal with. So one of those is Iran. Iran has all these sanctions. There's most American country companies that are paying you big money.
Will not be able to work from there. You can get there it's even gonna be hard for you to get there as an American. Another place is gonna be of course, uh, North Korea.  obviously, it's funny because it's so obvious. It's so crazy. It's gotten, the relationship has been so bad between the us and North Korea.
They just did not even a question anymore. You go there, especially if you're ex-military or something you're gonna be end up in prison somehow, you know? So unless you're Dennis Rodman or something, I don't know. Um, it it's, it's just not a place that you're gonna be able to go. That that being said South Korea.
Um, it is probably a place you could live, but it's, it's a lot more expensive in South Korea. So, um, it it's, a lot of people don't go there because of that reason, unless they have family or friends or, or, or their family fiance or spouse, is there or something like that. Um, another place that you probably are gonna have some issues with is gonna be VE.
And it's just unfortunate, cuz it's such a beautiful place with beautiful people, beautiful culture and all that stuff. It's just sad. But Venezuela, I know people are going there but to work from there, um, cause the what's happening with the economy. Cause there's, you don't know like the, the embargo thing is kind of flaky with the us.
Every time there's a new president, they put some kind of stuff against Venezuela. Venezuela is probably not a place you could work remotely. Uh, another place is Cub. Another one that's really unfortunate because it's such a beautiful place. It's so amazing. It's so close. It just makes sense to live there.
And it's just like, because of all this stupid stuff going on between our governments, we as Americans gonna have a hard time getting in and out of there, especially if you're working from there on, on, uh, anything with any kind of government information, it's just gonna be harder for you to work there.
And then all this political stuff happening now with, with. Don't know if you've heard, but like Russia and, and some other countries that are going and, and making bases and stuff and having relationships with it's just gonna go outta control here real soon. So it's not a place I would recommend that you, even if you have the ability to do it, to work there for an American company and, and go there.
So those are the three that I was, I'm sure there's many other ones. Maybe I'll make another, uh, video where I explain some other countries that are, that are not good to go to, to work. Um, and, uh, that's, that's about it for those ones. Um, let me see if there's any other things I wanted to talk to you about with remote work.
I think that's it for remote work. I want to talk to you guys a little bit about something I've discovered something I was, I've been doing right for many, many years. I'm gonna actually change locations here so that we can get a better sound change up the ambiance a little bit. Okay. Here we go. Going inside.
Room
are you on? Okay, sorry. Uh, okay. Sorry. I, my partner's, uh, doing some work there, so I'm gonna stay in. I'm stay out here.  oh, this is, uh, podcast. So that's what you get real life stuff going on. So anyway, um, I wanted to talk to you guys about a Ts. So what I discovered is all these years I've been doing something very right with.
My resume. If you didn't know, whenever I put my resume out there, I market my resume. It does really, really well on LinkedIn, on dice, on monster and all the other job sites. It does really well. And the reason why I discover is cuz I keep it simple. It's just a plain, it's not fancy. It doesn't have tables.
It doesn't have pictures. It doesn't have anything, any kind of overlays, nothing like that. It's just a plain document. White paper, white. With my name on the top contact information, and then job exper work experience. It has, um, certifications. It has education. It has that's about it. It's pretty simple.
Like I think I recently added skills, but it's pretty basic. And I normally put it in dot doc, turns out all that stuff is what you're supposed to do so that it is ATS compliant. Now, what is ATS? ATS? A application tracking software. It's basically like a database or software or a server that fortune many fortune 500 companies use to, uh, pull in the resumes and track, um, and, um, monitor and do analysis and do artificial intelligence analysis on resumes.
It pulls them in if it has the correct format. If, if the correct format is. It'll reject your it'll reject your, um, your applica your resume, right? And if you, you wanna know what I'm talking about, whenever you sign up for a job, think of this, have you noticed they always have you do an application? The reason why is cuz your resume is not compatible.
Normally people's resume is not compatible with the system that they, that company has internally. They have an internal database that pulls in all the information. It has. It has a database. Name, uh, where you've worked in the past, all your experience, your skills, your education, all that pulls, all that stuff in, and it compares you to other candidates and it, and once you're in their database, they have this big pool of people, um, that they can pull from and, and put into different positions.
And it allows 'em to put you quickly into those different positions and then call you con if you contact information's there, they'll contact you with via. Or via phone and say, Hey, Bruce, uh, we've got this position for you. Are you available on this day? We noticed that you have all the skills that we need for this position.
That is an ATS. It allows 'em to very quickly get you in their system. And if you have a resume, what they'll too, if your resume is right, is they'll pull all that information from LinkedIn or from dice or from monster or from other search sites. And. Put that into their database, just instantaneously, but that's only if your resume is out there in the correct format with all the correct information.
And that's why you have to fill out your complete profile. It has to be accurate and then upload your ATS compliant resume. That means a plain blank resume with the headers. All that stuff is in correct order. And one of the things that I noticed that my, my resume didn't get right, was the dates of work.
It's a work we're a little off, cuz there's a certain format that they want you to have in there. So ATS, uh, just having a simplified resume has helped me to get all these jobs and all these offers and all these opportunities over the years. And then now, recently I fine tuned it. I've I've gotten back into my resume, ripped it apart, rewrote it.
And now I'm like really getting into the weeds on the each one of the key words that they wanna see. And the format tightened it up. So it's perfect so that whenever they pull in those resumes, mine is gonna just come in and with no problems. So that is what ATS is. And, um, that is, that's something that that's really helped me out to get jobs and stuff.
Um, I would like to, at some point what I'm gonna do for you guys that watch me on YouTube is I'm gonna walk you through how I actually apply using my ATS. May, um, and how you can, um, maximize your opportunities, uh, to get these different jobs, high paying jobs, by the way, that's about it guys. Um, I'm got about three days left here.
I'm a little bit sad about it. Um, I've gotta go back into the workforce here real soon. , uh, it's been a great vacation here in Manila and I, I actually travel to, uh, different parts of the Philippines. Um, this Philippines, the reason why I come here so often is because it's been like a second home to me.
Um, I have over the years of these high paying jobs, I've been able to buy some condos here. Um, kind of got in early on some condos and, um, got some, uh, friends and family and stuff here. And that's, that's why I come here. And I know where things are, kind of have a better feel for this particular country.
Next country. I'm. To I've been here so many times. It's time for me to, to move to another place. I'm probably gonna go to like Indonesia. I'm gonna try that. At some point, I would like to go to Europe and, uh, countries in Africa. And, uh, those are things that are gonna be in the future for me. I would love to go there and, and visit.
But right now, this going to places, I know that I, that I'm familiar with that can go by myself and feel, and, and feel familiar enough to where I feel safe. So that's, that's why I. Year. And that's why I come here so often. Um, if I would, I get a job here, I noticed somebody asked me a question. They said, Hey, Bruce, like, would you get a, a job here?
And they said, Hey, I'm looking for a job in the Philippines. Could I do it? You totally could do it here. If I was doing that, I've got my kids and stuff are in the us. I'm not, I'm not doing it myself here. And it's a bit too crowded personally for me to live here. Uh, maybe in the far future, you know, and buy some.
Somewhere and then go live there or something, or have my spouse, by the way, you gotta be a Filipino citizen in order to buy land. Or anyway, what I would do if I wanted to get a job here is I would, first of all, tighten up my resume, right. Uh, tighten up my resume and I would look for either a job in Metro Manila or in Sibu I'd open myself up to those I'd look at all the job sites for Sibu and.
Metro Manila, cuz those are like the biggest cities here I'd apply for those jobs. Put my re, get my resume, right? Put it out there. And I noticed just kind of glancing at it that there's a lot of banks that need the kind of work that I provide. So I would apply for all of those, but my biggest play would be on remote work.
I would look for remote work in the us cuz it's a job. It's a hot job market right now for it. And cyber security. I would look for remote jobs. Would allow me to actually work from home and then I would fly here and work from here. That's what I would do. Um, if I was, if I was so inclined to actually work here and at one point I really considered it, I would actually consider bringing my kids here and like living here like three months out of a year or something like that, it didn't work out.
So now here I am by myself. Um, just enjoying my vacation here and. I think maybe in the future, what I'll do is I'll, uh, I'll look for some other country that I could live in. Uh, it probably won't be, like I said, Philippines, a little too crowded, but I'm looking, I'm kind of head hunting for, for different countries that I could live in.
Um, for a while. I like to like live in a country for like a year and, uh, and just to see how it, how it feels to actually be a resident of that country. So I would look for a. That will allow me to stay there for some time. And, but just off the top of my head, Portugal keeps coming up. Portugal is one that I would look into.
Um, maybe, maybe Thailand. I really love Thailand so much. Um, Indonesia's one. I want to check out. Those are what like that are, um, within my price range and I feel more comfortable in those places. Um, cuz I've been to Southeast Asia. So. Times that I kind of know what to expect. And then I would like to learn the language and stuff like that.
So I'd be pretty serious about it if I did do it. Um, I think that that's about it for this particular podcast. Guys, let me just, uh, end this on, uh, letting you get for those you, this is where I'm at. It's pretty nice. Um, got a few more days here. It's been great. Um, just enjoying the culture, enjoying the, the atmosphere and, uh, the humidity.
I love. Back in Colorado. We don't really have that. Um, it's, it's very, very dry mountainous and stuff, which is beautiful, has its own, you know, amazing beauty, but it's not the Philippines. You know what I mean? , we're not too far from the ocean here. Um, feels so amazing here. And, um, I'm gonna miss it once again.
I'm gonna miss this place and um, next time I'll gonna go to another country and hopefully I'll be able to do some podcast. There too. All right. Talk to you guys.

I was in the Philippines from June to part of August. 
We talk about:
Remote Working
Countries I have worked in
ITAR and the countries you cannot work in
the new book about NIST 800-53 controls: https://securitycompliance.thinkific.com/courses/rmf-isso-controls-audiobook
 
Hey guys, this is Bruce, and welcome to concourses. I'm gonna be talking to you about my travels. I'm actually still abroad. I'm still in the Philippines and I actually going back home real soon. So you can expect regular podcasts like we've been doing before, but I wanted to go ahead and start doing these more often.
And I wanna start off by letting you guys know. I just released a few more products out there. So if you go to combo courses.com. I am writing a book about getting jobs in, um, in information technology and in cyber security and marketing those, uh, resumes that you put out, I'm gonna teach you how to create the resume from scratch and then how to promote the hell outta that resume.
So that is incoming. I'm doing that right now as we speak right in it. But if you want to get in early on this book, there it is right there. Uh, and that as soon as the. Is out I'll, I'll release it to you so you can actually pre-order it. Now I also am selling the audio version of the last two books that I wrote on my website, but you can also get 'em on audible as well.
And yeah. So speaking of that, The audible version of the NIST 800-53. If you prefer to use audible, if you have credits on audible, whatever, if you actually want to get a free trial on Audible, you can actually get this book for free on audible. So go ahead and check those things out and I'll be releasing a lot more and creating a lot more content for you guys.
But let's get into this one. I wanted to talk a little bit about this. And how you can do this. And just trying to tell you my experience. So you can get some idea of if, if, whether or not you actually wanna do this. I've first of all, I've been working remotely for, uh, past six years now, um, with different jobs.
Like I, this is my third, my last job was my third job that I did remotely. I worked for NASA remotely with a company, and then I, I worked, um, at Ball Aero. For a while remotely and, and then recently worked with Verizon remotely. And, um, there's a lot nowadays, there's a lot more remote jobs out there. So if you want the opportunity to actually do what I'm doing, it's much easier to do this now.
Um, my experience with RO work and remotely has been incredible. I've really enjoyed. Um, it's given me more time to spend with people who I love, um, I'm at home, so I can actually interact with them and figure out problems together with them and have more family time and things like that. Um, so those are the pros with it.
Some of the cons is if you have small kids, it's much harder to do remote work when you have small kids, or if you have somebody who's very needy it because it's hard to actually do your work with that. Um, and I've been in that situation where. Actually difficult. I had a remote job when my kids were really small and they, as soon as they see me, they wanna play, you know, so it wasn't the ideal, uh, situation when my kids were small, but now they're older, so they understand, Hey, dad's gotta work.
You know, and I have a, a place in my house where I can go and stuff like that. Um, another thing is that I have to actually have more discipline on stopping my work. Like you might think it. It is the opposite that you, it's hard to actually get to work for me. It's the opposite. It's hard to stop working.
I tend to just continuously work when I work from home and I gotta actually stop myself and have the discipline to say, okay, that's it. This project, the rest of this project and work till, wait till tomorrow. I'll I'll get to it then. Having that discipline is really important. Um, the self-discipline to actually not only do the work, but also stop yourself and have a schedule where you.
Force yourself to, um, not overwork. Um, so that that's some of the pros and cons of working remotely. Now, as far as what I'm doing now, what I'm doing right now is I'm actually in between jobs. I'm not working remotely, I'm working remotely on my own stuff, on my own business and I'm writing and stuff like that.
So you could include that as work remotely, but what we're talking about specifically is working for an employer. , you know, whether it's the government or private sector or whatever bank, whatever you're working for. Um, I'm not doing that right now. Right now. I'm abroad and I'm having a vacation and I do any work I'm doing is all, uh, business related.
But I, I have been here before in the Philippines and worked in other countries, Thailand and Vietnam and other countries worked actually working for an employer remote.  and there are some challenges to this. If, if this is something that you, you aspire to do, there are some challenges that you should know about.
Um, number one I would say is just because your employer is allowing you, it, it, it has it on the dockets to work remotely. Doesn't mean they allow you to work in another. And what I mean by that is there's laws. There's rules. One is called I a R, which will pro will restrict you from taking their laptop and their information outside of a country.
And in sometimes in some cases they have a policy where you can't even take the, their. Do equipment out of the state and they don't expect you to work outside of the state, but country is a lot more, um, happens a lot more often where they don't allow you to work outside of the state. I mean, I'm sorry, out of the country.
And, and in sometimes it's just, it's not that they don't want you to work outside of the country. It's more like there's certain countries they don't allow you to and you've gotta make sure whatever.  you you've gotta use strategy. Like if you're trying to live in say the Philippines and you know, you want to get a USA job or a job in Canada or wherever the case may be, you know, this is what you wanna do.
You have to think about it. Um, will this job allow me to work in another country? Okay. What countries can I work in the way that I've done it? Is whenever I get into a company, right? I'm I'm looking at their rules. I'm looking at what are their rules for remote work? Do they even allow, is it flex time where they want you to come in?
Once a week or something, is there travel? Is there, I'm looking at all the avenues of what I can do and what kind of information that we're gonna be processing. Cause that's another important feature when you're first looking at a remote job, uh, because if they're doing classified or any kind of super sensitive information, uh, more than likely it's, you're not gonna even be able to leave the, the state or the area.
Uh, and you have to, it'll be flex work, meaning you'll work from home, but then they want you to come in the office. If you're doing some kind of sensitive, really, really sensitive information. So that's one thing. Another thing I'll look at is, is the environment. Um, some organizations, especially private organizations are a little bit more, um, open about remote work.
They'll actually have like the last place I worked. We had people working in Japan. Like we had one guy working in Japan, doing work on for our clients and stuff like that. And we had another person who was working overseas in south America.  uh, who we had clients in south America. We had clients, we had people in Europe doing work with those clients.
We had people in Australia, we had people all over the world doing it. So the job lended itself to working internationally, cuz we had people who were actually working internationally. So that was that. Wasn't another thing I look at, like what's the environment. A lot of, uh, government jobs. They're very stable.
They allow remote work, but they're usually like flex jobs. They want you to still come in and stuff like that once a week or something. And then they have like a little bit of travel. So you gotta watch that private companies a little bit more flexible. So you wanna look at the environment. . Um, so those are some of the things that I, that I normally look at when I'm trying to think about strategy of what do I want, what country do I want to live in, will this organization that I'm applying for allow that those are the things you gotta now, once you get in, let's say you get a remote job, you're there.
Um, it's a great job. They're paying you. Good. All that kind of stuff. Now you're like, Hmm, can I travel? Uh, Venezuela Brazil, wherever Cambodia, wherever it is. Can I go there now? It's a matter of their policy right now. You know, that they're remote and all that stuff. You know that they're, it's okay. Maybe to travel, uh, internationally.
They haven't restricted you from that. Um, you've got your VPN, you got your protection on your system, all that kind of stuff. Now you're like, okay, the next question should be what other.  because some organizations will not allow you to go to certain countries and that's, it's tied to something called I a R and it's I don't remember what the actual acronym is.
It's and let me actually, let me look it up while I'm talking to you, you gotta look at the actual policies because that is super important. Um, you don't want to get caught, uh, traveling to some country you're not actually supposed to go to. And the, the company is obligated not to go to those countries.
Like legally you're not supposed to here. It's called it a international traffic in arms regulations, like arms you're thinking like guns and stuff like that. But, um, they're also talking about certain technologies that are wrapped into this, uh, into this. That the government has certain things that they do not allow com us companies to go to certain countries.
The reason why is because they, that that country might steal their, the intellectual property of that organization. A good example of this would be, um, companies like Lockheed Martin, who.  military, um, different military components. There's certain components that are proprietary and owned by the government.
That if it, you go to that other country and that country is spying or actively stealing anything on and off their network, uh, That's really bad encrypted or not they'll they can steal it and encrypted for later or something like that. Um, and that actually does happen quite a bit. Um, especially with the bigger countries, like China's doing that a lot.
And I, I don't doubt that us is doing that China and Russia is doing, they're doing all these major powers or doing that to one another. The point is though, from our perspective as workers, we just wanna make sure that we are. Gonna get caught, violating these laws and, and worse, uh, leak some information from clients and jeopardize our entire career based off some international, uh, incident, you know, like you don't want to be that guy it's just too risky.
So we talked a little bit about knowing the environment for that remote company, uh, knowing the policies is another thing that's huge and.  um, also making sure you don't violate any kind of laws that that company has. And that's normally tied into the policies. Now, one of the things that I did at the last place I worked at was I just asked, I said, Hey, are there any, what can you send me the laws of travel?
Like I wanna, I'm trying to travel. I didn't even go into details of that. I just say, Hey, can you send me the laws I read 'em myself. I'm not gonna ask permission and then get denied. Right? I'm just gonna.  and make sure I don't violate any major laws and then ask forgiveness. If they're like, Hey, you're you're in another time zone.
They won't even know I'm in another time zone, cuz I'm not gonna let them, I'm gonna be on the same. I'm not gonna violate any of their policies. I'm not gonna violate any kind of international laws are unit us national laws or anything like that. Um, so all of that stuff is good, but what I'll.  is make sure that I don't violate their, you know, I'm still on Eastern standard time or whatever the timeframe is.
So they don't even know I'm gone. Like I, I even travel sometimes I'll take, leave enough to travel to that other country. And then on Monday, Tuesday, when I'm supposed to go back to work, I'm bright and early working my nine to five. You. So that's some of the stuff I do. Um, I'm, I'm risk averse. Um, I manage my risk very effectively when I'm working for, for an organization.
I do not violate their rules. I do not. I just feel like the risk is too great for me. And that's kind of the mindset that you should have. I've not I've yet to be in trouble for traveling or anything. They don't even know I'm gone. I'm I'm doing everything I'm supposed to do now. Another. That you should think about when you're travel, when you're doing remote work and you're traveling, even if it's a staycation in another state, nevermind another country.
One of the things you should keep in mind is there's a few things. You, you need a place that's quiet. Uh, like right now I'm in this room here. It's, it's very quiet. It's very, um, there. I, I don't hear a lot of noise going on outside, but I've been in some places, especially in Southeast Asia where the noise level is super loud.
Like I was in Vietnam, the noise level was so loud. Like it, it, privacy was fine. I could just go inside of my room or whatever and, and shut the door, lock the door, whatever. Right. And had encryption, all that kind of stuff. But man, the noise pollution outside was seeping into the room. So you wanna have a place where you.
it's closed. You have privacy because especially if you're dealing with secret in not secret information, if you're dealing with, um, sensitive information from a client like vulnerabilities or IPS, you have to have privacy and you're talking on the phone, right?  I'll get to the encryption and all that kind of stuff in a second.
But I'm talking about privacy. Like you're on the phone talking to somebody, talking to your boss, talking to peers, talking to the client, the customer, whatever. And you might be talking about some sensitive information on the phone. So you want privacy, a room where it's not leaked the information not leaking out, but also that room gives you quiet where you can actually speak to them and, and have a conversation cuz conversation, you know, The communication is huge.
That's a big deal, uh, in cyber security. So you need a, a private space, the other thing, and that's pretty obvious, but the other thing is security. Um, whatever system you're on, you need to ha make sure you have firewalls in place, antivirus in place, and a VPN virtual private network either built in from the organization.
Preferably. So that it's their level of encryption and you don't have to worry about, uh, some private organization's encryption getting, getting compromised or something, which does happen by the way. Um, you you're using their VPN and, and all the information is protected on their system. And preferably it's encrypted when it's stored, not just when it's sent, like, normally we were thinking, oh, when I send this data on email or me.
It's encrypted end to end, whatever, blah, blah, blah. But also it needs to be stored, encrypted that way. If the laptop something happens, it gets stolen. God forbid, something like that happens, lost whatever. Even if they get the hard drive out, they pull the hard, the hard drive out the computer, and they're trying to get that information it's encrypted so that it's gonna be super hard for them to get that information.
So stored encrypt. Uh, data at rest encrypted data in transit encrypted. That's the level of security that you want if you're traveling, especially if you're traveling abroad. So we talked about privacy and being in a closed environment, but also the encrypt, the security of the actual system itself super important.
Um, those are some of the things you wanna really think. When, if you're talking about traveling abroad, because those things are super important. Another thing is if you do go out, um, you don't want to do your work in public areas. Like this seems obvious, but it's very tempting to be in these beautiful locations and do your work as a cybersecurity person, especially if you're signing, even if you're an administrator and you're signing into a server remotely.
Uh, you, you really gotta be mindful of your environment because you never know who's watching over your shoulder. You never know who's shoulder surfing. You never know who's, who's, uh, monitoring the traffic in, in the, in a public environment, cuz it's legal to do that, to monitor the traffic, any kind of data going, uh, in, on a wifi network and stuff.
Don't do that stuff in public at all. Forget about that. Don't do. So that's just some of the stuff I wanted to talk to you guys about. I mean, other than that, I could tell you about how my trip is going. Right, right now, let me see if I can set up some pictures and stuff. I could sh that I had set up here to show you guys of my trip here and how it's gone.
It's it's been going pretty good. I'm actually already in the works of doing, of getting back into work. Um, I've been doing some interviews here, and this is me, um, uh, with my partner here, we're just walking in this place called, uh, what is it called? Azure. I'm that's where I'm at right now. This is what you're seeing.
It's called Azure, um, Azure residence. It's got like a, a manmade beach area in a like five, three or four pools and, and, uh, it's right by a mall and stuff. It's just a. You know, this job in cybersecurity is very stressful. So right now I'm in between jobs in between work. And, um, I just decided to take some time before myself, before I go back to another job.
Um, one of the things that a lot of people don't talk about.  um, they talk about how great it is to be in cyber security and they talk about, you know, but it, it, it's a very, it's a stressful job, especially if you're taking on. Um, if you're taking on very, if you're taking on a high level job, there's a reason why it's high level.
Right. Um, I was doing consulting for about three years and, um, it, it was, it was pretty stressful. Um,  on top of that. I had some personal issues and you know, the show must go on. So I was doing, dealing my own personal issues and dealing with work and I have a side hustles and stuff. It just got too much.
And I decided to, to quit now, the job, they offered me a sabbatical. It's really hard to. High level, cyber security people. So they were trying to keep me, and I said, you know, I don't know if I return because I, this there's a lot of travel here. You know, there's a lot of travel and I don't know that my issues are gonna be resolved and I, it's not compatible with, with my new life situation.
So I told him. Opt it out. And they said, well, if you ever wanna come back, you know, just to let us know. And I said, you know, I, I told me, well, thank you. I appreciate the offering. But in my mind, I'm like, I don't think I'll be back because there's too much travel and stuff. I'm, I'm hoping that me telling you guys my situation maybe will help you, you know, and whatever endeavors you have, whatever you decide to do with your, with your life and your situation and stuff like that.
So you have an idea of how this stuff.  uh, one of the great things about, about the position I've put myself in by marketing myself and continuously growing in this field is that I is that I, um, I always have job opportunities, so I I'm, I feel okay with this situation that I'm in right now, I was. Save up some, some cash and, um, and, um, I'm not worried about getting a job.
I, I, I know I can get one, so I'm not, I'm not stressed out right now. You know, I'm, I'm on my, my third or fourth interview and, um, and I'm okay because I have so many options and it's a, it is a great feeling to know. I have enough options to where, to where I, you know, I know I'm gonna get a job is just a matter of, of time.
And, and there's nothing for me to stress about. And that's just because I, I have, I've built up certain. I have certain certifications. I position myself with my experience. I'll have my resume constantly being marketed it's out there. So I have people contacting me on Monday through Friday, I'm doing interviews, doing screen.
And stuff like that. So that's kind of where I'm at. That's what I'm doing here. I got about four or five more days left, and then I'm going back, going back to, um, let me see if I could find another video for, for those people who are watching this video. Um, yeah, I'm going back to go back to work here real soon.
Um, am I excited about it? I've been doing this for 20 years. You know, my excitement for. For this is, is not what it used to be. You know what I mean? Like it would take a lot for me to be excited about a new position at this point in my career. Um, maybe I'll find something that I'm excited about. There's been a couple that I'm like, Hmm, this seems interesting.
There's been a couple, you know, that I'm like, I hope I get this job. And so I, yeah, there's, it depends on the job, but there's a couple positions. I'm like, oh man, I don't know if I want this. That happens from time to time. I know I can do it. I know I'm qualified for this job, but I'm, I'm like, damn, I don't know if I want this.
I don't know if I want it. So, uh, there's about three companies right now that I'm in the works that I might, that, um, that I might get one of, either one of these positions right here that.  that I might get. I, I don't know yet, you know, but they're all risk management framework type positions. I've decided to get back into that.
I had a few options. I could probably go into either seeing technology or I can go into cyber security, uh, analyst work again, which was fun, but I kind of, kind of want to get back into my roots was just information system, security officer work. So that's kind of what I'm where I'm at right now and what I'm doing.
and, um, I should have a job I'm expecting to have something lined up by, by the time I, uh, get home, I should have something lined up. So probably when within another week I'll have something, um, something that I can do. But, like I said, I'm not even if it, if I can't get one within the next, I'm trying to find another video here while we're talking, even if I can't find another video within the next.
Um, so another video , even if I can't find another job within the next, um, Couple few weeks. I'll be, I'll be okay. You know? So the way I position myself, I'm, I'll be fine. Right. My me and my family will be fine. The, the one thing that, that really hit me hard is that seems have gotten much, much worse, has been the medical.
I, I don't have good medical insurance. So my insurance at my last job was really, really good. And now I'm like having to just. Use this second hand individual insurance that barely covers anything. And I am spending probably a, a, a cool $1,500 a month pull with everything and I have insurance. It's ridiculous.
I had no idea how broken this system is in the us. It's it's very broken. It's so bad that me coming here spending all the money. I. And getting medical insurance here getting medical coverage. And like my, I check in my eyes check and stuff. It's cheaper than me doing anything in the us. Um, it, it, it's, it's just sad.
Like what the state of the us is, um, situation is, is actually is it's quite, um, alarming how bad it is and, and there's no intention. There's no intention to do anything about it.  so yeah, insurance is, is it's it's, it's a disaster, man. If there's anything that's driving me to get this job faster, it's that?
Because the I've got two kids and you know, they're in and out of, in and out of medical, you know how Calvin kids is. I don't know if you know, if you have kids, you know, I'm talking about it, stuff happens. So they're in and out of getting treat, getting checked out and stuff like that. So, and it's not cheap at all.
So, yeah, that's what I'm doing. Just kind of giving you guys an update on what's going on with me. Um, I'm doing right. Um, still helping as many people as I can, as far as getting work and stuff. Um, I'm gonna end this one here real soon. I'm gonna put out much more information on, on podcasts, much more podcasts.
I just have to set up the right site for it. I think maybe if I put 'em on the site that my, my normal blog site, maybe, I don't know. We'll figure it out. Thanks. Thanks for watching guys. Thanks for listening. I appreciate everybody. If you have any questions, comments, or concerns, please hit me up on YouTube.
Uh, comment, email me, whatever there are topics we can always cover, but I will catch you guys on the next one.

Sign up for free courses! http://convocourses.com
This is a live podcast from my travels in the Philippines. I answer some questions that I go on TikTok.
 
0:00 - Differences between NOC and SOC 10:40 - Go From NOC to a SOC 11:52 - How to Tailor Security Controls in NIST 800 24:36 - Certification should Match your Role 26:28 - Cybersecurity is about taking care of others 32:00 - Being Underpaid in information security 34:57 - Cybersecurity guys have crazy hustle 43:29 - Skills you gain as an ISSO 47:47 - When to Add Skills to Your Resume 53:18 - Asking for a raise as a cyber security 57:00 - information security and my remote opportunity 59:07 - cybersecurity tools and information security 01:02:49 - GRC tools xacta emass archer 01:06:16 - Helping cybersecurity people and risk assessments Check us out here: http://www.nist80037rmf.com/ http://instagram.com/convocourses https://www.facebook.com/ConvoCourses... https://www.linkedin.com/in/convocour... Podcasts / downloadable mp3: http://www.nist80037rmf.com/convocour... https://podcasts.apple.com/us/podcast... http://www.nist80037rmf.com/category/... #convocourses #cybersecurity #isso #nistrmf #rmf #usajobs #itjobs

 
A, this is con course's podcast. And, um, this is unscripted straight off the top of my head. , uh, probably, um, an ill advised way to do this, but this is how I do it. And, um, let's get this started. I'm gonna answer some questions and I'm keeping it live. So if you actually are talking to me now, you'll, you'll be, you'll have appeared on this podcast.
That's gonna survive forever. So let's do this. I got a few questions. First of all, from believe these came from my, um, from my comical YouTube comic courses site, but I'll ask, I'll answer some ones that came from email and everywhere else. And if you happen to be live and ask questions, I'll, I'll do my very best to answer those questions, but let's start with, um, let's start with, what is it like?
To be in it daily. I think I got this one. I got this one a few times actually, but I wanna say I got this particular one from, um, email, somebody emailed this question to me. What is it like to do it day to day? So, um, cyber security day to day. So it really depends on your job. Cyber security is a very big field.
It it's a huge field. Like you have all these different categories of CRI of, uh, cyber security. You've got people who are in cryptography, you know, mathematicians, people who are professional hackers, people who are, do pin testing, people who do assessments, cyber security assessments. You've got people to do information system security, officer work, compliance governance, people who actually are just firewall.
Administrators. You got. IP, uh, IPS, administrators, IDs, administrators, cyber security, and you get the idea there's many different categories. So when you say cyber security, what's your daily life. Like, it really depends on what job you're doing, but I can tell you about a few of them that I've done in my career.
Um, so I've done, um, I did, uh, network engineering for a while. I can tell you what that's like day to day. And I can tell you, I can tell you information system security officer work, man. I did that for a really long time. I can tell you what that's like, and I can tell you what a cyber security analyst does.
So let's start with the one I know the best, which is information system, security officer. What is that like to do every day? What's the daily life of that for, for every single situation. It depends on the organization and, um, you have a large. Medium and small organizations and what I've, I've worked in all of those and the, the amount of work that they get.
The, it really depends on how much work they're getting at that time too, is what's gonna affect your, those are all factors that are gonna affect your daily routine and how much workflow you have. Um, the biggest things that affect your daily routine is gonna be if they have processes that are in place, the best organizations are the ones who have very clearly defined processes.
And they're able to figure out how much work goes to each person. Those are the best because they allow you to actually manage your time. In the day. The worst ones are the ones who don't know what they don't have a clearly defined process.  um, policy or procedure, and it's just chaos. They're just kind of throwing things against the wall.
See what sticks, they're the worst. It's the worst because you they'll, they can have you doing work and then you, you deliver something and they're like, this is what we wanted, you know? And that's very frustrating, psychologically frustrating. Anyway, you wanna know what you do on a day to day basis for information security officer work.
So an information system, security officer is gonna be a person who is coordinating with a lot of different, uh, stakeholders. Stakeholders are people who have an interest in the information system, security assets and the assets of the information systems. The important information that they, if you think of a bank.
So in a bank, they have servers, uh, and they have their, all of their clients' data. The data is, is very essential to their business and the system that that data sits on is an asset, because if that goes down, You don't have access to your data or the data's corrupt or whatever. Right. So an information system, security officer is working with the people who have to, who are directly interacting with that data, interacting with the customers, interacting with the larger organization.
So they're talking to everyone from the C level execs, but mostly they're, they're talking to other technical people. They're talking to other, um, other policy people that's in the organization. So what are they talking about? They're talking about, okay. Windows, uh, had a bunch of patches on Tuesday. We have to wear those implemented.
Um, they're talking about things like that. Uh, they're talking about to, they'll be talking to like say the vulnerability management team. Like you have a whole nother team or a person who does nothing but handles the vulnerability management. So information's in security officer. One of their tasks is gonna be to make sure that the security controls are still, uh, in place effectively in place on a regular basis.
Continuous monitoring is their main. It's really the main job you do. That means all the time looking at the security controls and making sure that they're adequately in place that includes making sure documentation is up to date. That includes making sure that if there was a recent scan, you're gonna be looking through that scan and, and, and analyzing, okay.
Are our control still in place? You may do things like that. And then it, if something's off, like you have a bunch of critical findings, you have a bunch of things that says, okay, when Microsoft's out of date, um, Linux is out of date. Oracle's out of date, uh, Adobe Photoshops out of date, and you have this huge list.
Now you have to see what is going on. So you'll be coordinating with manager, be like, Hey, we just got this scan in. Could you take a look at the it? And it's looking like, it's really bad. Could you take another look at it? You'll take a look at it, right? That might take.  a few hours you're drinking in the morning.
You drinking your coffee in the morning where you're looking at this report and you, you now you have to figure out what's going on. So you can't arbitrarily just assume everything is, is bad. Like there may be some things, some of it might be a false positive. Some of it might have just been cleared. Is this an, is this old data, uh, is this stuff that we need to, that we can fix?
When can we fix it? You won't answer those things by yourself. So you have to coordinate with say the, the vulnerability management team. Maybe they, maybe they gave you an old scan. Maybe the scan is accurate, but a bunch of these systems are about to be decommissioned. They're about to leave. Like you have to figure that out.
So the only way to figure that out is to work with the team. So a lot of your work. Is working directly with the team to figure out what's going on with the, with the security controls. That's, that's the main job you do. And then you're documenting what's going on. Like, let's say you meet up with the vulnerability management team and they, you guys have a 30 minute meeting and they explain to you, um, yeah, those that is the most recent scan, but we, we just moved to this new scanner.
So here's the, here's the other scanner scan data. We just moved to another scanner. Uh, and here's the results. And then maybe you guys go through the results together, right on the call. 30 minutes later, you realize you don't have as many CRI uh, as many critical findings as you thought you did, but you do have a few and now you have to coordinate with another group, the system administrators, because you gotta figure out, okay, why is this, why haven't these, um, configurations been applied?
You meet with them. And you go through the same thing, like, okay, you're walking through. Here's what I found you. Show them what you found. Uh, vulnerability management team says that according to the new scan data, this is not configured correctly. Um, but they say that it is been patched, but it's not configured correctly.
Can you take a look at this and you guys look at it. So it's mostly with information, a security officer, it's mostly meeting with stakeholders, documenting findings of, of what's going on and continuous monitoring. That's really your main job. A lot of your time is spent interpreting controls, making sure the controls are still remain effective in the environment.
So. , this is a little different from what you might see for a cyber security analyst. So what does it look like for a cyber security analyst from day to day? Cyber security analyst is somebody who's looking at logs. They're looking at, they might work in a security operations center. They're looking at, this is just one type of security analyst by the way, cyber security analyst.
But the one that I did was I was in a sock and we just looked at, we looked at data coming in and out. So our whole day, and we did shift work because you have to constantly have eyes on the data coming out. And the data's constant. It's never, it doesn't stop. It doesn't have weekends off. It doesn't have holidays.
So the data's constant and going on all the time. As a matter of fact, when somebody really wants to hack you, they're gonna do it at 3:00 AM on Christmas Eve. You know, they're not playing around. So you, you have to have, you have to always be looking at the data. So your whole day is spent literally looking at.
Data on a screen and then taking some of it, taking the interesting traffic. That means the traffic. Like you already know, like there's, there's a certain amount of data that's gonna go in and out for, for people's work. And it looks, it might look suspicious, but you already know, like this stuff is, we already know what this stuff is, but there's gonna be just a little bit of traffic.
Like 1% of traffic that's called interesting traffic that you're gonna really look at and you're gonna analyze it. You're gonna take that data. Let's say it's like, it looks like somebody has tried to log in 5,000 times in three seconds, uh, into this one particular system. And that system might be an asset, right?
Maybe it's a, it's a, uh, system that you have in the DMZ that, uh, holds public records or something for. Uh, for, for your users, for clients, for the organization. So you might look at the, the logs on what's going on. Like what happened here? Was this an internal system you're gonna be looking at the source, the destination and what occurred, and then you're going to make a determination on whether you should escalate it to a security incident.
If it's a security incident, then you have to alarm someone else in your organization, an incident response team to figure for, for them to either check out that box, to see if it's actually hacked, see what this traffic is, and maybe even implement like a, something with the firewall team to stop. To stop that traffic.
So that's mainly what you do on a day to day basis for cyber security analyst work, where you're just basically looking at data, looking at logs and trying to find what, where the interesting traffic is to stop it, to see if it needs to be escalated or to ignore it, uh, is something that needs to be ignored because we already know what this traffic is.
It's something that our people need to do their work. That's, that's kind of your whole day and it's shift work. So you're gonna rework like either a day shift for 12 hours or a mid shift night shift, uh, a swing shift for 12 hours or a night shift for 12 hours. So, um, the last one, let me see, we talked about information to security officer.
What do they do? We talked about cyber security analysts. What do they do? The other one is technical. I where you're actually fixing things. So this one. Let me see, let me see. Uh, I was an architect doing, uh, a seam, some seam technology. At one point. My job was what I did was I was in, in, in charge of, uh, or one of the people on the team.
I don't remember what did I, I was in charge for a little bit, but I was a part of a team that made sure that this scene was up and running at all times. So if something broke, um, somebody would ring the alarm, call us whatever they have to do, and we have to come in there and fix it. So we had, we were responsible for upgrading it, setting it up and maintaining it.
And, and in some occasions we would create content, uh, for the actual analysts. So we, that means that we would make sure we would look for things like.  we would create like a rule we'd like, it was like, it's not programming, but it was, it was very similar to programming. Like you would make a rule set that would, would trigger whenever, say somebody try attempted to log in a specific system, a certain amount of time, um, within a certain period of time or something like that was what you, you could do.
Or if somebody came into this port on the firewall and they went to this system and they, they did this service, you would write a program. So it's not really a program, but you would write content to where it would trigger and then send an email or a message or pop up on a screen to tell the security analyst, Hey, look at this.
This is interesting traffic. This, this might be of interest to you check this thing out. So that's what I would do my daily routine. Was, if there was nothing going on, like if there was nothing to fix or if there, you know, nothing is down, there was no, um, there's no content to create then, you know, sometimes I'd be organizing some of the old content that they had.
Like they'd have all of these old, um, manuals. I would update those. Um, or I would, I'd be researching like the new upgrade or.  just studying a lot of times I was studying to be honest with you, cuz I, I was new to the system. So a lot it's probably 70% of my time was studying the system and trying to figure it out and then learning the back end of it.
Cuz at the time it was on Oracle, it was very complicated. So we were, I was trying to constantly study and figured things out. So that was 70% of my time was studying. Uh, and then the other percent of my time was fixing things, oh, this thing went down or Hey, we, we need content for this or creating content for people.
Uh, so that was, that was what my job was like. And I noticed like most of my purely technical jobs were like that where you were just pretty much sitting around until something went wrong until something happened. Like when I worked, when I was doing network engineering, most of my time was like studying, studying Cisco stuff.
And if something was, nothing was broken, we were just waiting. We were just sitting there waiting or we'd be on call or something like that. But um, it wasn't.  it wasn't constant meetings. It was in a way less stressful because you only would get stressed when something was broke. And then it was like a, you know, it was like an alarm and things on people's hairs on fire, people panicking and freaking out and stuff like that.
So the technical jobs I would say are actually easier. I know that sounds crazy, but actual, purely technical jobs, you're sitting around waiting for something to happen. And if nothing's happening, you're chilling. , you're chilling, man. Um, you could chill in a, a cyber analyst job. The, the analysts who weren't very good or don't know what they're looking at.
They, they kind of just, they didn't really have a lot to do cuz they don't know. They don't really know. What's interesting traffic and what's not, they don't, they didn't really know like how to. Where to go or what to do. So they were to stand at a screen of a bunch of data they don't understand. And so that we would, what would happen is they would get these other tasks.
Hey, do this task clear out this queue here. We have all of this traffic look through all of this traffic right here and see, you know, see if you see anything, stuff like that. So that's what you do on a daily basis. I hope that that answers that question. Somebody ask me, what do you do if you're information is security officer.
So I just expanded on all the other ones. Let me see, what other questions do I have here? Uh, what is it like working in it? It really depends on the job. Um, it, it depends on the job that you're doing, having done purely technical operational, and, um, like a more of a management side of the house. It's, it's different for each one.
Um, over, over, I would say number one, there is. There's way more job security in it. I will give you that. So let me, let me give you some pros and cons pros. Let's start with the pros. There's way more job security in it. Even if, even if you're a contractor and you get laid off you, if, if you're an it and you got like two, three years of experience, you can get another job.
It may not be the job you want. It may not pay as well as your other job. A lot of Americans, they complain about, they can't find a job. They really there's lots of jobs here. A lot of times they don't wanna do this or that job. And it's the same thing in it. Like a lot of times you ha there's jobs there, but it doesn't pay this.
You don't feel like moving here or there there's always something going on, but. There, I would say it, the biggest pro for me has been a job security. I can always find a job. It may not be where I want to go. It may not be not what I want to do. It may not be a great company. It may not pay well, but it is always a job that I can do.
Um, another pro is, um, I noticed that it is less and I, I know this is not gonna apply to everyone, but they don't tend to care where you're from or what you look like. As long as you can do the work. I, this is such a huge bonus because I've worked in other jobs before. You know, when I was much younger, I did other jobs.
I was a cop, um, for a, a, a whole like five years. And for being a cop, first of all, is the most stressful job I've ever done in my life. Number one, number two, you had there's.
they're not gonna discriminate necessarily against your size or weight or whatever, but you did have to be in some kind of physical shape and then you, uh, Hmm. How can I  there is not Des I mean, I'm not gonna say it's discrimination, but there in it, they, it just takes your mind. Like you don't have to be a physically fit.
You don't have to be so tall or you don't have to, you know, like it's, it's less based on physical and more focused on what you can bring, who you are, what can you can bring to the table skill wise. And I really appreciate that. That's a huge pro that I have not seen in any other jobs. I was, I was. In my life.
Um, another pro, let me see what are other good things, benefits of it. It pays, it usually pays better than most jobs. I would say. That's another thing. It usually pays and has more benefits like medical and stock options and 401ks and all. I bonuses, all that kind of stuff you see regularly in it. You don't always see that in security jobs, like physical security jobs, you don't always see that in, in some of the medical field jobs that I've my, my wife is in a CNA.
She doesn't see a lot of stuff that I see as far as like, it has so many extra benefits and perks and more money on as, as a whole. It, it pays more, not all jobs, but on average it pays more than.  whether you're in retail or you're, you're, uh, a cook, or if you're, if you know, restaurant hotel industry, they, they make way less money.
As a matter of fact, a, a old coworker of mine, um, who worked on that sea system with me, he was like a professional services, sea, uh, guy, and a sea is a security in, uh, information event manager that collects logs. And then people look at the logs or whatever, but he worked at this company. He told me that his dream was to become a cook.
And he did, he actually, he was an older guy. He was like, I don't know when I met him, he was like 45 50, something like that. He's my age now. But back then, you know, he was, I was in my thirties, he was, uh, 15 years older. He, something like that anyway. So he was telling me how he used to be a cook back back in the day, like in his thirties and twenties and stuff.
And he. He, it was his dream job. He's a great cook. Apparently he actually ran his own hotel and he was, he said, it just didn't pay that good. It just wasn't. And he own, he owned his own, uh, restaurant DESA hotel. He owned his own restaurant at some point he was a cook and he did, he went to school to be a cook, all that.
He spent $30,000 to become a cook, all this stuff. And he, he wasn't making a lot of money. And, uh, he said he moved into it because it makes more money. He didn't necessarily wanna do it, but it just made so much more money. Like he was making like six figures when I was talking to him and had all these crazy bonuses from selling stuff, like from selling it products and services.
So yeah, I.  it pay is way better. Some of the cons let me see. So pros, we talked about it doesn't they don't look at you physically. Um, they just wanna know what you can do. That's why they'll hire people from other countries with a huge accent. They'll hire people who are super, who, who are goth and have earrings in their freaking face, you know, have tattoos all over.
Uh, they'll hire people that, you know, black, white, Asian doesn't matter. Like they don't care. Can you do the job? That's what they care about. You know, that's a huge for me, huge bonus. I love that. I love being able to work with other people too, all from all over the world. For me, that's a, a huge bonus. Um, and it pays well, has great benefits.
So we talked about all that. Now let's talk about the negative stuff. The negative stuff with it is I would say it kind of depends on what, what part of it you're going to, it can be very stressful. Um, and.  in what I do, which is more of, uh, it's more governance and risk management framework. It can get very, it can be very stressful at times.
And then if you are a, um, another one I've done, I currently do is risk assessments. It can get very stressful. There's a lot of money involved and companies, uh, you know, their whole, sometimes their entire livelihood depends on the assessments that they get.  cause they, you know, there's a lot of stress involved and, and they're constantly under attack by, by all of these D.
by all of these different, um, you know, hackers and stuff. Like it's a, it's a war going on all the time. So it can be very stressful depending on what job you go to. I've been at some jobs where like the network engineering job wasn't stressed. It was, it was pretty chill. Like we didn't, we just didn't do anything until something happened.
Like we studied, of course, you know, or, or maybe they want us to document the, the, the network or something like that. But if there was nothing going on, so there's nothing broken, you were chilling. It depends on the job. So it can be stressful. Um, it can be volatile too. I know one of the pros I said was that it makes more money and it's more stable, but you can always find a job.
But that said, it's constantly moving. Like it's volatile. Like you constantly have to learn to keep up with the craft and you, you know, in that way, it's not like banking where you learn it one time and then you're good. Right. You, you learn how to flip houses one time and then it doesn't, it's not gonna just suddenly change.
It's gonna remain that way for years in it. Like you constantly have to learn so that for some people that's definitely a con um, if you, if you, you can lose your skills, you know, it's, it's almost like a musician, like a, a really good guitarist. Like if you don't play for a long time, you can, you can lose your, your skills, but also it's constantly moving.
So, and then, like another thing that's volatile as a company is, are constantly moving. Like you can get into a small company and they, they get this huge opportunity to have a contract with this gigantic organization. And then they make millions of dollars for a while. Then boom, it's gone and they hire someone else.
It's just volatile in that way. So those are the main pros and cons of it. Uh, it can be stressful, it can be volatile, but on the other end, it makes more. It is pretty stable if you have the skill set and, uh, and it has good, pretty good benefits. So somebody said techno piece says, I have a question during an, an interview.
Uh, what is the question? I have a question during an interview, so says, uh, they ask me, how will I configure a new it information system as an ISSO? I told them as an ISSO, I don't configure them, but I ask, uh, they ask me to just explain the process if I'm faced, uh, with the job. Here's what I would say.
And I don't know if this is right or wrong, but anytime I I'm asked questions like this, I always tell them, like, I will. I'll re rely on my team. Like, uh, what am I configuring? Number one, like, it depends on what I'm configuring. Let's say I'm configuring. This is what literally what I would say on this interview.
I, I would say, well, it depends on what I'm configuring. I have done it before. Right. Important piece. I have done it before, but normally what I do is I consult with the person who is in charge of that system. Let's say it's a, uh, um, let's say it's a firewall, right? So number one, what kind of firewall is it?
The person who's in charge is gonna know what kind of firewall that is. Um, if it's a, let's say, oh, okay. It's a Cisco ASA. It's a Cisco ASA firewall. All right. I would sit down with him and I would wanna see how they've configured the firewall. I'd sit down and, and, and work with them to figure out, um, how we can best implement security on this system.
So. What I'm so right here, what I'm telling them is that I am willing to do that work. I wouldn't. So if I tell them, well, I don't do that. I'm I'm an ISSO. I don't, I don't do that. I'm right there telling 'em what I'm not gonna do. You don't wanna do that. What you wanna do is tell them, you wanna tell you want to always emphasize how you can help them right now, if you don't want to do anything technical, then yeah.
You said the right thing. Cause you don't want the job basically. But if you want the job, you don't wanna tell 'em no, you don't wanna tell 'em no, you wanna, you wanna find a way to tell'em. Yes. Does that make, I hope that makes sense. So like I said, so number one, I'm telling them immediate.  well, the first thing I'm gonna first.
So first of all, I do have experience con um, configuring systems. I do, um, now as your is, so I'm gonna work with the people who are in charge there. I'm assuming that you have a team that's already doing the firewalls and by the way, what is it? Is it, is it a firewall? Is it server depends kind of depends on what I'm doing.
They let's say they say server, what's the server 2012. Okay. So the server, uh, windows, Microsoft 2016, whatever server it is. So I'm gonna sit down with the team and I'm gonna learn what it is, what we're doing to the, to the standards of the organization. So yeah, I'm gonna work with the team, figure out what's going on and then do, and make sure that the system is configured within the security standards and policies within the organization.
I'm telling them yes, I'm gonna do it. I'm telling them I'm willing to work with a team I'm telling 'em. Yes, yes, yes. That.  has gotten me hired almost every time, almost every time, because nine times outta 10, the place that you're going to is working with a team of people. They wanna know that you're willing to work with a team of people that you're willing to roll with the punches, because some, some especially smaller organizations, smaller organizations are awesome by the way.
They're awesome. Because especially if they're on the rise, you can, you can get stock options early in the company. You can get, um, you can be a part of the building, their, their actual organization to this next level. Um, they're usually way more flexible with you. So anyway, you're in a smaller organization and a lot of times they need you to wear multiple hats.
Like, it sounds like what they were really asking is are you willing to do.  right. Not necessarily because it, especially if they didn't tell you the con, if they said, okay, it's a firewall, you're on a firewall, ASA, Cisco, and you need to configure it to, um, to block the, any anys on the firewall. Now they're asking you, okay, are you a firewall administrator?
That's kind of different. They're asking you to step through what you're gonna do. You know what I mean? That's, if you don't have the skill, you don't wanna lie to 'em and try to, to fake it. You want to be like, no, I'm not really a firewall administrator, but I'm willing to learn, you know? So once again, you're telling, you're telling them yes.
Like I don't, I have not done it before with an ASA, but I'm willing to learn. I, I have worked with a. Uh, Juniper, firewall, whatever. I don't know if Juniper even has a firewall. I have worked with a P I'll tell firewall, but I've never worked with an ASA one, so I'd be willing to learn it. You know, I'm not sure directly, immediately how to configure it, but I'm willing to, to work with your team and learn it.
So, so that, that would be how I would answer it. And it's worked every time. As a matter of fact, current job that I had asked me something to that effect. They asked me a question. I didn't know. They asked me, um, well, I think it was PCI compliance. I'd never done it before. I've never done. I'm not a PCI guy.
PCI is a, a risk management framework for credit cards. Uh, for credit card systems, systems that take your credit card information, they have to have a certain level of security, uh, to protect our privacy. Whenever you run your credit card through. And I didn't know it, I, and I flat out said, well, you know, I told here's what I said.
He said, so have you ever done PCI? Because we have a couple clients to have PCI and we need somebody who has that skill set. What do you bring to the table for that? If you were asked to work with PCI, what can you, you know, what can you bring? And I said, well, you know, sir, I, I've not done PCI DSS before I am familiar with it.
I've heard of it. I know it's in line with what I've done before risk management framework. But to be honest with you, I've never done PCI on. On, uh, on a system before, but I'd be willing to learn. It is something I'm actually very excited to learn about, you know, and I'm, and actually I have looked at it before and it looks very similar to what I've already done many, many times with risk management framework.
So I'd be very interested in, in learning that with the boom. All right. Somebody said, I just completed online course risk management framework and, and FSMA. And I watched a lot of your videos and I will like to know your best advice on getting my first job. What kind of job, uh, what kind of job you willing to recommend?
I apply? What kind of job will you recommend? I apply to, um, okay, so for this, I would ask you brown. What kind of background do you have? What's your, what's your background? First of all, is what I would ask you. Because what your background is, is gonna determine what I would recommend to you.
Um, I, I get this question often. I get this question often brown. So it really depends on what your background is
SCA at brown. Are you okay? Michael Fernandez? You're saying SCA, are you brown or , I'm wanting to know what Brown's background is. And I can answer this question to the best of my ability,
um, because what I could tell you is like what I've told some other people I can give you a couple examples. Um, I had a teacher. Who was like a superintendent and, uh, he or she, uh, I have, I've had a couple teachers ask me this and I don't blame 'em because teachers are not paid super. They're not paid.
Like they should be, I'll put to you that way. But a couple of teachers more than one have come and reached out to me and said, Hey, look, I'm trying to do what you're doing. How, how do I get into it? And I told them, listen, I said, in this, they, they don't have technical background. I said, look, you might not even want to do it stuff you might wanna do.
You know? And I gave 'em some examples of stuff that are in parallel with it, such as, uh, program management program managers make as much or more than your average it person, but they're not having to do all this technical stuff. They don't have to take a security. Uh, they don't have to take an it certification.
They they're, they have their own whole path that has its own certifications. And if you've done administrator work before, it's gonna be just, it's gonna make sense to you. It's gonna make if you're a program manager. So that's one thing, but brown says I do not have a background in risk management. I'm a cable technician and I'm looking to branch into it.
Okay. So first of all, you're in, you are in a certain, you are adjacent to it. So what I would do personally, if I was where you're at, you're, you're actually in a good position here. And then let me explain to you why, um, explain to you why, so as a cable person, uh, when you get into networking, Networking has some stuff about cable, cable, uh, land cables, how it can, how to, how to, um, oh my Lord, I'm having a huge brain.
I can't remember what it's called, but you have your four pair or your eight pair wires and you have to, uh, configure the wires to in a certain way to send data or dis send voice. And I, the names are escaping me. I just haven't done it in a really long time.  but what I'm trying to tell you is what I would do if I was you.
If I was a CA if I laid cable, if I, if I was a cable technician, what I would do is start to, uh, get into networking, cuz networking is gonna make a lot of sense to you as an, as a cable G person. Um, let me show you, let me show you if I can, uh, show you my screen here and now, now keeping my I'm doing this.
Straight off my, off the dome here.  so, um, if I was in doing cable, if I was running cable, cable technician, and maybe cable for like, uh, people's homes, like actual, um, what is it called? What's the cable called that you run? Is it it, do you mess around with cat five at all? Or is it all, um, what is it called?
10 base T man I'm really dating myself. What kind of cable is it? Is it actual? So regardless of what kind of cable it is, I'll put it to you like this. If you get into networking now I'm on indeed.com. I use this a lot. A better site would be dice.com or linkedin.com, monster.com. All those are very good places to go.
But what I would do if I were you, is I would look into.  entry level networking. It's gonna make sense to you. It's some of the, what stuff that you do in cable in cable lane, cable, cable technician is going to align with networking. I guarantee it cuz you're gonna understand some of the stuff that they talk about with signals.
You're gonna understand some of the stuff they talk about as far as different types of cables, having different kinds of signals. If you ever worked with fiber, if you've ever worked with, um, a 10 base T I don't, I don't remember coax cable or if you've ever worked with, um, uh, ethernet E um, cat five or cat six.
So those are all things that you probably have touched before or have heard of. So it's in line with what you're already doing. So number one, if you go to nd.com and you look for entry level networking jobs, Entry level networking. You can follow along with me if you want. I'm on indeed.com and I'm just typed in entry level networking.
So here you have tech, you have a help desk technician. Now, you know, don't, don't laugh at these positions. You want somewhere to start, right? It's very important. You get your foot in the door with the technical entry level position, cuz nobody, you know, and think about your bank. Like you want your banker to be fresh off the street and not know anything about banking.
No, you want 'em to have some level of experience and the more, and so I'm kind of going through these entry level networking so that in net networking itself is not a good, is not good key word. Um, so you said CCN a, so you said, I totally understand your answer. I've looked into networking courses and I'm very familiar with the CCNA exam.
There you go. Now, this guy knows what he is taught. That's this direction you go CCNA. So let's type that in entry levels. In fact, you can actually start with a CC E N T, which is, um, entry level, uh, certification for Cisco that I think you have to start with a CC E N T these days. I don't know I've been so I'm so out of that, outta touch with networking these days, but look, it support engineer one.
It doesn't start off with a lot of money, but you're not looking at the dollars per hour just yet. Right now you're focused on the skill set, the skills and the experience that you get equal money. Okay. That's the, that's the key it field technician is another one that you will fully understand and, and completely.
because a lot of this is actually implementing people's local networks. Uh, it help desk it, you wanna start off from the beginning and you go on to say, uh, I want to work remotely because I recent a recently family dynamic. And so I took the course in, um, I took a course in risk management framework and FSMA.
So to start off with that's good. I'm not saying don't, don't study risk management framework. Very, very important. And I'll tell you why. Okay. You're gonna wanna make your money initially and get your foot in the door with networking. Here's what I would do. Here's my strategy. Cuz what I would do from you, from where you're talking about, you're going to wanna get your foot in the door with networking.
Why? Because you're gonna, first of all, you're gonna understand it almost immediately because it's gonna be talking about signals. It's gonna be talking about different. Media that you use to transfer data. You're gonna get that. So you're gonna, it's gonna click to you number one and not, not a lot of people understand networking and it's super important piece of being an it person that a lot of people don't get.
You're gonna understand it. Okay. Now it does go into, uh, TCP IP and all that kind stuff, but that's your bread and butter. You gotta learn it. And, um, you gotta learn it. I P V four, I P V six. You have to learn it all. It, it has a little math in it. It is not impossible. It's not fricking rocket science. Um, so if I put to you like this, if I can do it, you can do it.
All right. So anyway, so I was from cable, uh, technician. I would go into networking as an entry level person. All right. You're not gonna just jump into risk management framework and FISMA. All right. It's just, it's really, it's. Any kind of security stuff. It takes three to four years of it to get into cyber security.
All right. Cyber security is not an entry level. It's not entry level stuff, but I can tell you how you can start to get on the on ramp for, uh, risk management framework, FSMA and, and cyber security, where, where there's money by the way.  but networking has money too. So start with networking. Get your CC and E N T get your CCNA.
CCNA is money it's cash money. See, let me show you something else here. Let me take you back to the screen here. Here's here's why I would take the strategy of starting off with networking. Let me show you something I'm just gonna type in CCNA here. CCNA is a damn good certification. I know because I had it before and my first it job outside of the military is because I had a CCNA.
CCNA is no joke. Uh, if you get a CC, especially now, it's much harder to get. Now, when I get, when I did it, it was like one test. Now they've broken up into two or three tests. Um, it's, it's much harder now, but look at these jobs, like, look at this, look at this. I don't know if you can see this, but that says net, uh, network operations technician.
Now, all I did was type in CCNA and this is a $60,000 job. Okay. Now there's some for $22 an hour, but these are entry level positions you wanna get into those entry level positions do 'em for about six months to a year, put it on your resume. And then the next step is gonna be something like a network administrator, a junior network administrator.
Okay. You're and with networking, you really gotta know your stuff, by the way, you can't just, you can't fake it with networking. They'll test you right on the spot. It's kind of like software engineering. Like if you don't know, if you cannot fake. Network engineering or software engineering, they will, they're gonna, they're gonna see immediately if you know what you're talking about or not.
That's why it's imperative that you start off get your CC, the CCNA, CC, and T is so that you can study and know the common body of knowledge that you need to know in order to, uh, navigate these fields that you're about to get into. All right. And start to, uh, start to create your own virtual environments, cuz you can literally start to study it and have your own network virtually on your PC and start to know how to network, uh, routers and switches and uh, and stuff like that.
IP routing, all that kind of stuff. You can literally start to do it on your own system with something called, um, GN. GNS three is one of the ones that you can use. And they've got tons of other applications that you put on your computer, and it has like a little network diagram, and you can configure this.
You can log into this little, uh, virtual router and then configure the interfaces on the router and all that kind of stuff. So, yeah, like I'm excited for you, man, if you're actually doing this, um, I'm really excited for you to, to start your career, cuz I think you're gonna click on it and it's it's gonna work.
And you say in, in risk management framework, I'm familiar with documenting, uh, FIPs 1 99 FIPSE 200, um, system security plans. I believe I am competent for the task. I want to move out of, out of the networking field. So you're saying that you are already in net, in the networking field. Is that what you're.
because you said that you are a cable technician. If you're cable, I'm assuming that you, you are somebody who installs cable for people, whether that's so you, you, so if you're okay, let me give you a couple of, of things here. It let's say you are a network engineer and you've been in the field, um, for, let's say a year, like you've been a network engineer.
You worked for an organization who has routers and switches. You understand routers and switches. You, you can set up a network and you have about a year of experience and you let's say you have a C uh, you, you didn't say yeah. Any certification. So I'm assuming you don't first, uh, first step, if you are a network engineer and you have a year of experience is go ahead and go for a security plus, go for a security plus security plus is a very good certification and it, it will get your foot in the door of a many different jobs.
All right now I know people. There's gonna be some people who watch this video, especially it guys gonna be like, why is this guy always talking about certifications? I'm trying to make people money. Listen, the industry, you may not like it. But the industry does look at certifications and they, they look very highly on certain certifications.
Security plus is one of those certifications. So get the certification. I mean, if you wanna make, do you like money? If you like money, get the certification, you don't have to like the process, you know, don't, , it doesn't make sense to hate the, to hate the, the game. Like, I mean, you can hate the game, but play it.
You gotta still play it. You know what I mean? So get the certification. Okay. So brown. Like you rightfully said, my job is borderline networking. Exactly. That's why you start off brown with networking because you already understand it. Get your CCNA, get your CC. E N T. I'm talking about if all you do is if you're a cable technician, your next level is network either, either help desk or network engineer.
And I'm saying network engineer, because if you understand networking, you are already a three steps ahead of most people who are entry level in this in it. I mean, if you're an it guy, tell me I'm wrong. Most people don't understand network. And they get through this whole field without knowing, understanding it without doing any of it.
You already have a little taste of it. And all you gotta do now is take that next step, which is get that CC E N T CCNA, whichever one, I think CC, you gotta get C, C E N T first then, uh, get your foot in the door with a networking job, like a junior level networking job. After you get about six months to a year in, you could probably go straight for a security plus and apply for a risk management framework job.
You, you can apply. I mean you can, you not probably you can apply for it. I can't guarantee that you would get it. Um, they're looking for a little bit more experience, like two, three years of experience being doing it stuff. Um, but you could, if you, with your cable background, you could probably have a little bit more leverage in there.
Another question is, do you have a degree? That's another one. Michael, uh, Fernandez says they will ask you for a security plus and a C E H. Um, , uh, don't hate the game. Yeah. I mean, that's another one C it's funny because CCE C H people hate that's, especially hackers, man. They, they talk so much crap about C, C, E H.
And I'm like, listen, the HR departments who are hiring people and paying people who are, hold the purse strings, those are the guys asking for the C, do they know what they're talking about? Of course not. They're not it people, you know, the real certification to get is the O S C P or the, you know, Cali Linux, those kinds of certifications.
Um, San's course pen testing certifications are legit. C is, is know, listen,  ch is a list of different, um, is the processes that, uh, you use for, uh, pen testing and hacking stuff like that. And it's just a list of tools and that's the test. , I mean, that's from what I've heard. Oh, okay. But guess what? It pays a lot of money.
Like if you like money, then do it. If you like, if you like money, if you don't like money, okay. You know, go hack some systems or something. Uh, brown says, uh, and I know people are gonna hate me because I said, just said that, but I'm just saying like, I mean, do you, do you wanna make money in this field or not?
Uh, brown says what if I was a teacher or a nurse? Um, like I said, You brown, if you are a cable technician, you already have a leg up on a teacher or a nurse. I do get teachers and nurses contacting me, asking me to if they to do risk management framework. And what I tell 'em is I'm honest with them, like doing cyber security takes two to three years of solid it.
Now, if you've been doing cable work for a while, guess what? Some of the stuff you've done qualifies as it work. So you're, you're almost there. Your next step is to do pure networking stuff or help desk either one would do, but networking would be way, bit more beneficial to you in the long run to, to I'm just telling you.
Um, so I would, if you were a teacher or a nurse, what I'd normally tell them is I tell them that either go into, um, , uh, he some kind of entry level help desk job, which is gonna be hard for them cuz they they're starting from nothing. So I'll tell them, Hey, use your current job at, as you nurse, let's say you're a nurse.
I say, use your current job to at your hospital. Let's say you work at, um, I don't know, Centura or some local hospital. Right. And you're a nurse there. What I would do if I was a nurse at a hospital, I want to go into its, I would start talking to, uh, the it guys there. I, I talk to them, see if you even want to get into that career field then if they're, if it's, if it's legit and you're like, wow, you know, this is something I really want to do.
Talk to the, uh, talk to your HR department. See if they have any programs for nurses to go into it. You'd be surprised. Talk to the organization you work for. Even if it's, if you're going to a college, talk to the organization that you currently work for.  and say, Hey, I'm, I'm really wanting to get into it.
Um, do you guys have any programs to start it work? Ask him, just ask him, ask the local help desk guy. Usually some geek will really wanna talk to other people about their job, um, about either how horrible it is or how great it is, you know, and they're cuz they're, you know, um, you, you can really, they wanna talk about their craft, especially if they love the work that they do, they're gonna want to talk about it.
So, so that's what I would say. Um, that's what I normally say to people who are coming in off the street, meaning like they have zero background, not like you that already has. You're already doing cable stuff. You're already doing something kind of technical. You actually have a leg up on most people even I would even argue some it people you actually have more experience.
You probably  you're you'll be surprised. Um, once you get into this field, Um, you'll be surprised. Okay. Let me read a couple more comments here. It says I am a Cy, M J says I am in, I am new to the cyber security field. I received my master's degree in cyber security. Congratulations, but I cannot get my foot in the door.
I received my degree in 2018. Any suggestions of what to do? Um, when you say new to the cybersecurity field, do do you mean that you, do you have a job currently? Oh, I am currently doing help desk work. Okay, good. This is good. Okay. Here's why I say, how many years of, how many years have you been on the help desk?
How many years? And then do you have a certification? Cause now what you wanna start doing is mapping out your path, but it depends on how many years you have, or do you, how many months, how many, how long have you been on the help desk? And do you have any it certifications.  my next question would be what, where do you live?
Because some places, the reason why I'm asking these questions is because you wanna level up certifications is the way to do it. Like I said, a lot of it guys, don't like to hear this. Like they don't like paper tigers, about 10, 10 years. You have 10 years on the help desk. You have 10 years on the help desk.
Is that what you're saying? Okay. How many certifications do you have? Do you have any,
you have an, a plus a network plus and a cybersecurity plus. Okay. Something's wrong? All right. Where do you live in Maryland. Okay. Something seriously wrong. It's your resume?  because resume is the Mecca of cyber security. Yeah. There's no, there's no other place. There's no other place on earth that has more jobs for cyber security than Maryland.
You're you're in the, the Mecca, excuse my reference. Religious references here. You're in, you're in the main place where people hire everyone. There's something's wrong. Like it's either your resume or something's going on. Like I, yeah, you should, you should have people in line to give you a job. Yeah.
Maryland has the most jobs. Like it has more jobs than I'm in Colorado. It has more jobs in co Colorado is like five bases and Maryland that area. It's not just Maryland itself. It's Maryland, Washington DC. And uh, that whole area in Virginia, that whole area has more. And why, why is that? Let me explain it.
They have. More federal organizations there, I think, than anywhere else in the United States. If I had to guess they have all the three letter organizations, they have department of defense, they have several other federal departments there. Le and then you have like three states with all, with all kinds of state departments.
Like you have so many jobs there. So whenever somebody says, I can't find a job and I'm an it guy in Maryland or Virginia or whatever, I'm like, there's something wrong with your resume, man. It's it's gotta be, it's gotta be, I mean, it's people offer me jobs. I'm thousands of miles away and they offer me jobs in Maryland.
Constantly. I have to turn my phone off so, so that they could stop calling me. I don't. Yeah, something's wrong with your resume?  all the jobs. I, um, all the jobs I'm out for, they denied me because of the lack of working experience. You have 10 years of experience, it's your resume. So I mean, what I would, what you could do, um, you said you already have a security plus a compt security plus.
I mean, I, I don't know, like, are you a us citizen? I mean, I something's wrong. Michael Fernandez says he lives in Maryland too close to DC. What? The F yeah, exactly. WTF. That makes no sense, man. That makes no sense. I'm in MD and still waiting behind, uh, to be hired, maybe resume. Yeah. It's, I'm telling you, I'm telling you I get so many offers from that place.
I mean, I it's constant most of the jobs I'm. Okay. You say, uh, 10 years on the help desk? Not in cyber security field. Okay. So here's the thing, my man, and all you guys like, listen, if you're on help desk, you have done cyber security work before you just have to, you have to put it on your resume. What you do is you put it on your resume.
Have you ever updated a, a, um, an operating system before if you've ever updated signatures on, uh anti-virus. If you've updated the anti-virus software, if you've installed anti-virus software, have you ever created an account for a user? Have you ever, uh, all of those things are cyber security, uh, things that you've done.
Have you ever written a document for your organization that have you ever written instructions for your organization? Have you ever participated in helping them out with the policy? Have you ever done continuous monitoring? What is continuous monitoring is scans, have you ever, have you ever helped part of your organization run scans before?
Have you ever had to connect the system to the network and had to put security on that, on that system? All that stuff should gotta be in your resume. It's gotta be upfront cause you've done security before. You're not just some help desk guy. You've done secure, especially if you've done this for 10 years.
If you've done this for 10 years, you've definitely have 10 years of security experience. Active directory. I mean, come on, you gotta work with policies. You gotta work with, uh, domain. It's all securities. It's so many security stuff wrapped into, uh, endpoint devices, like where you have to lock down the system, lock down users, all that security stuff.
You just have to put it on your resume. It has to be on your resume so that you can say legitimately say I've done cyber security since 2000, the year, 2000 or whatever you said 10 years. So the year 2010. So yeah, you can legitimately put on there. You are a cybersecurity person. If you have done any of the things that I just said for a number of years, you just gotta put it on your resume.
So if, if you, if you are presenting your resume in such a way that it looks like there's certain things you put on your resume, that makes you look like, um, that you've been doing, you are on the help desk for a couple years. Right. But if you've done all this stuff, you need to put it on your resume in may and you need to highlight the cybersecurity stuff you've done.
And you need to put a ton of, of keywords on your resume so that people will see it. And when they do, as a matter of fact, let me, let me just show you a couple things real quick. Before I get off this thing, I gotta go cook some dinner, but, um, I just wanna show you something real quick. I wanna show you something, couple things.
I mean, I wanna enlighten who, because I'm seeing a couple people. Listen, I I've been in I'm. I live in Virginia and I don't have a job. And I'm an it person. And I'm telling you that that is nonsense. I mean, I'm not saying you're a liar, but I'm saying that's ridiculous. That is ridiculous. It's Virginia, DC, Maryland are the hotspot for this whole thing right now.
It's gonna change it. It's not, it's not gonna last forever. Just like Silicon valley. Didn't last forever. You know, it's not gonna last forever guys right now, though. It's a gravy train. It's a gravy train. There's people starting businesses out there. There's people, uh, hiring tons of people out there. I'm not, I'm not even messing around with you half the jobs that I've gotten came from Maryland.
If, and I work from I'm in Colorado, I probably took four or five of you. Guys' jobs. I'm not, I'm not lying. I'm not exaggerating. You gotta, you gotta fix your resume. Because that's the only thing I can see. That's gotta be wrong if especially if you're doing the help desk for 10 years and wanting to get out, like, they're not saying there's anything wrong with that, but if you wanna, if you're trying to level up, you're trying to move on then.
Uh, yeah, I mean, and you're in Washington, DC, Maryland, Virginia, something's wrong. And it's gotta be your resume. Okay. So what I'm doing right here on the back end here, just give me a second here. What I'm doing is I am, uh, I'm logging into a couple of, uh, things here so I can show you guys what, how I was.
I've been able to do this for years. There's a method to my madness. I have not. The only time I'm unemployed is when I'm between jobs, put it to you that way. I, I don't go without jobs. Even during COVID 19, I'm still getting job offers. It's crazy. It's crazy. And it's doing the cybersecurity stuff
and there's a reason for it. And I'm gonna show you that reason here in a second. Soon as I can log into my freaking account,  give a second here. I'm I'm really trying, I haven't logged into this thing in a long time. Oh, what is going on? I'm trying to get into LinkedIn and I can't something's wrong. I'm about to lock myself out.
Give me your second here guys. Show you a couple things number. The first thing I'm gonna do is pay some bills. So let me, I'm gonna switch over here. Let me show you something. Okay. What you're looking at here is combo courses. Okay. Now combo courses is a condensed version, a a condensed, organized version of my YouTube channel, where I take everything I've learned and I put it into a course.
Some of these courses are free. Um, some of these courses that I put out there are, are free on here. Organized I'd spent hours working on this stuff, but let me show you one. It, it doesn't get a lot of sales, but it's, it's the one as in life has been the most beneficial to me. This is resume marketing and cyber security, uh, for cyber security.
And it, this right here is why I'm always employ. This right. This course right here. What I did was I take, took the method that I have been using for years and years, since I got outta the military in 2000, I got military 2003, and I've not been out without a job. I always have a job. I'm always offered jobs.
And, and I was like, why, why am I, so why am I so lucky? It's not luck. There's a process to it. It's not luck guys. Success favors the prepared. And that's what I'm showing you how to do on this, on this, on this. Now, if you, if you don't have the money to do it, you know, I'm not listen. If you don't have the money to do it, don't buy it.
Okay. But if you do, you buy this course, I'll walk with you every step of the way. All right? Like literally you can, you can contact me and I'll, I'll look through your resume, all that stuff. But this right here, this process is how I've done it. And I, I could tell you right now, look, I'll give you a bird's eye view of this thing.
Some of this is free by the way. Some of this parts of this very course is free. Go to combo courses.com link in the description below. Some of it's free. If you sign up, it's some of it's free. So number one, what you want to do is you wanna do, you, you have to do your research. You have to do your research.
Okay. What does that mean? I'm gonna show you in a second. You gotta do your research. Once you do your research, you got to focus on keyword. You gotta put those keyword in your resume. Once you put them in your resume, once you fine tuned and dialed in your resume, you want to advertise market yourself.
That's the name of the game. Link. The description below. If you wanna get to this site, this is the bread and butter success favors the prepared. Now let me show you what I do to re to research this right here is LinkedIn. This is my LinkedIn page. Um, this is the one I use to get jobs.  all right. That's what you're looking at right here.
Let me show you something. This is my resume right here. I haven't updated this in a while. Don't need it. I got a great job. I'm getting paid at this job. I'm not bragging. I'm just telling you, this is, this could be you. All I've done is leveled up for the last 10 years. And that's where I'm at, where I'm at.
It wasn't easy and it took time. But the reason why it has worked is because I have a method to my madness. It's not random. It's not look, it's a process. Now, first thing I told you was I did my research. How do you research? You gotta know what words people are using on their resume. So let me show you something.
So if we type in. Let's say you want to be in risk management framework. Okay. Risk management, risk management. So what you do is you'll type in risk management framework, risk management frame. See how it's already auto correcting. Lot of research is just this right here. It's auto correcting. This is telling you right here, piping in to get to this particular, these jobs they're typing in risk management, risk management specialists, risk management analysts.
There you go right there. There's some of it let's find another keyword here. Let's RMF. I mean, as soon as you, if you're following along with me, you're already conducting some research on your own. Now look at this. I typed in risk management framework. Now here's this is important. First guy who pops up is a dude who has a C S S P C H.
And it L L and some other certifications. Right? Why is this important? Because this is telling you how this algorithm on LinkedIn is behaving. And this guy is number one. So let's go see what this guy is saying. You do your research by looking at this person's resume. I'm not telling you to lie. Um, but I am telling you to steal.
So what you're gonna do is you're gonna go to this person's resume, and you're gonna look at the wording that they use. What wording did this person use? You're gonna steal the wording that they use. Don't lie. You're not lying. Okay. What you're doing is you're wording the stuff that you have done with the language that is being used on this particular platform.
Now, each platform's a little bit different. You go to dice.com. It's gonna be slightly different from LinkedIn. You go to monster.com. It's gonna be, it's gonna be different from this one. One of the things I also do on the course is I go through. Many other ones that I use that have worked for me, uh, that I, I have not gone without.
That's what I do. But right now, without you paying anything, I'm telling you right now, this is how you do it. Research number one, step, do your research. There's some other stuff that I go into on the course, but if we wanna get to the guts of this thing, do your research, what is research? You're looking for the language of whatever, whatever field you're getting into cyber security is huge.
Like what if you say I wanna be in cybersecurity? What does that even mean? Think about it. Cyber security is like 20 different fields. All right. It's risk management framework. It's network security. It's cryptography, it's forensics. There's so many different fields. You gotta be specific. Now that said.
once you choose, let's say you chose chose forensics, right? You chose forensics. You gotta realize that once you do your research, you'll realize, okay, well it's forensics. The, the average person in forensics is, has a bachelor's degree, has a master's degree. The average person in forensics has a master's degree.
I don't know if that's the case. I'm just get I'm speculating. Okay. I don't, I've not been in forensics, but your research is going to allow you to know what the field is like and what you need for that field. Some fields require no less than a master's degree. Some fields don't require a degree at all.
Alright. They require certification. Some fields are like super heavy on certifications. Listen, you can hate the game all you want, but I'm just telling you how it works. So number one, do your research. What is the field you're trying to go into? What do they need? All right. Um, what kind of key words do they use?
You could, that's easy to find out. You just go to LinkedIn and you see what people are using in their resumes. You, you, you look at employers and look what they're looking for. What are they typing in when they say they want a risk management framework person? How many years on average are they looking for?
You'll find this around two to three years, by the way. Now, if they want two to three years of experience, you don't have that in risk management. Um, you might wanna look into your own organization and see if you can get in. You might even hardly have risk management framework experience. And that's one of the things I tell you how to put on.
How do you put that on your resume? If you, how do you even know if you've done it? I I'll give you one example, like, uh, MJA right here says he's been doing help desk for 10 years. And I ask him like, okay, Have you ever assisted with a policy before? What kind of policy was it? Was it Sarbanes? Oxley? Was it a DSS PCI?
Was it a risk management framework policy? If it's a, if you've helped to create a risk management framework, I know this, I know that I know that sometimes our field like me as a risk management framework person as an ISSO, I have reached out to firewall guys and said, Hey, could you ex I'm not, I'm not firewall person.
Could you put, I'm trying to write this policy or procedure about firewalls. Could you add some stuff in here? And then they will give me what they have. They give it to me. And then I use, I put it in a different language or whatever, you know, I translate it to where managers can read it to easy speak  and then it's boom, it's a policy or it's a procedure or whatever.
So, if I have helped this, if this firewall guy has helped me by giving me the data, guess what he has participated in risk management framework, you can put that on your resume and you're not lying. So that's why I ask him, have you ever written a procedure? Have you ever written a policy? That's? Half of our job is, uh, writing policies, reading through policies, correcting updating policies.
A lot of our job and risk management framework is doing that very thing. So if you've ever written a policy, if you've written a Wiki, if you've written any of these things, especially if you've done it so that you can, your organization can be compliant with SMA can be compliant with state and local regulations.
You have participated in security compliance. You have to put it on your resume, though. If you don't put on your resume, no one's gonna know that you ever did those things. I'm blown away. When people tell me that they have been. In Washington, DC, Virginia, and, and Maryland, and are not leveling up. It blows my freaking mind.
Cuz that means your resume's jacked up. It's gotta be, I mean, I don't know what else could be. I really don't cuz it's not racism.  it's I could tell you that much, uh, because they're hiring me and another state, you know, how many comp, how many companies that I've worked for that were from Maryland? Quite a few.
And I'm I live in Colorado. So just telling you the jobs are there. Um, okay. Somebody else said, um, do you think not having a bachelor's degree will really hurt my chances? Um, I would say this I'm just gonna be very Frank about this. Um, it will hurt your chances of, of making more money. Cuz a lot of companies, especially contracting companies are looking for a bachelor's degree.
Now there's things that you can.  instead of a bachelor's degree that will help you to continue to level up. And one of those is, um, a certifications. Here we go again, right. Certifications, but certain certifications make as much or more than bachelor's degrees. I'm just, just being honest with you. Uh, a lot of contracts, the reason why a lot of contractors are looking for the bachelor's degree is because, um, because it's federally, it's federally mandated by, um, they even it's.
So the federal policy and directive is called 81 40 81 81. 40 is very interesting. It's one of the things I talk about. In my, um, course by the way, 81 40, let I, let me, let me see if I could show you real quick. I really gotta get off this off this thing after this though,  81 40. Let me show you why so many people ask for this.
Oh, by the way. So while I'm typing here, one of the things that you can do, um, one of the things that you can do instead of a bachelor's degree is C I S S P or a CASP, uh, certification. And I'm gonna show you why in a second here, if I can find a good place for the, okay. You know what, let me just show you my screen real quick should be safe.
Okay. So what I did was I just went into Google and typed 81 40 certification, uh, 81, 40, like I said, is a D O D directive. It's actually. Use across federal many federal organizations use this. And because of this, because, uh, so many federal organizations and state organizations are jumping on the bandwagon for this 81 40, a lot of cor, a lot of organizations, such as comp tia.org, G GIA C, and many, many sands.
All these different organizations are jumping on the bandwagon and CRE marketing to the 81 40 cuz they realize how important it is. Another thing you can do by the way is put it on your resume that you're working towards a bachelor's degree. Some will actually help you to get that degree. Especially if you have skills, if you have skills, skills is the most important thing.
It's more important than a certification. It's more important than a degree. The most important thing you can bring to the table is your skills and your experience. I mean by far bar, none experience trumps everything.  no pun intended experience over everything. Okay. So, um, if you have a skill set, let's say they hire you because you're a Splunk master, right.
You know, Splunk inside and out, you know, it's so good. And you've been doing for five years all, and, but you don't have a degree and they're like, look, we require a degree. However, we can see you have five years of Splunk experience. And you're really good. So listen, we'll hire you, but you have to get this degree within two, three years or whatever, right.
Within a year or whatever. Can you get a, can you do that sometimes? I'll do I know that? Cuz they did that. Not for a degree. They did this for CI SS P. I went into a job when I first got outta the military. One of my first jobs, my second job, actually outta the military, they said the requirement was I had to have a C I S S P and I, at the time I did not have one.
This was 2004. And um, they, and I had a security plus though. No, no, I didn't. I didn't have a security plus. So then they go, they go, listen. Um, this job require, we see that you have skills though. We see you've been doing this in the military for X amount of years. You've been doing at the times called scap diet cap.
Same thing as risk management framework. They say, you, we, we see you've been doing this. We need your skill set. Can you get a CISs P in a year? And I said, yeah, right. Always say, yes. Remember, always say yes. I said, yes, I can do it. Right. And I was confident at the time I was confident I could do it. So I get in, they hired me.
I get like a 20% raise. Right. Cause I'd been doing like straight up Linux. I, I was like a Unix administrator. Yeah, and doing like Satcom stuff that I always wanted to do, I was doing, I was networking, crazy freaking networking stuff, but I, number one, I wasn't super skilled at it.  and number two, uh, I was an entry level guy, so I, they weren't paying me very much, but, um, I was able to learn it and all that kind of stuff, but I wasn't like freaking the Michael Jordan of fucking, I mean, excuse my language of Unix.
But anyway, uh, so anyway, I got this other job and uh, they said, listen, if you can, if you can, if you can get this C I S S P and a year, we're gonna hire you. I said, yes, I can do it. They hired me. And not only, so they paid for my CI S S P by the way, they paid for me to go to a couple boot camps. And, uh, they, uh, paid for me to study all that kind of stuff.
Anything I didn't think I did. I didn't do a boot camp for a CI S S P I did a boot camp for C or something, some kind of black hat thing that they had me do, but, um, I ended up.  getting the security plus. And, uh, they, they, uh, said, okay, look, you're supposed to get the CI S P in a year. And I was so nervous to take it cuz I knew how hard it was.
I said, look, I'll take the security plus right now. But after my year I took the security plus and they said, okay, you got the, I got the security plus. And they said, okay, look now you got to get that, that CI I S S P I said, okay, I'll do it. So then the next year I studied for like two years straight to get the CI S S P and I got it.
Um, but, but yeah, so bachelor's degree. That is a really good question. Do you, does it hurt you? I would say it hurt your money.  I mean, I'm just being honest. Uh, and the, and the higher degree you have, I'd say up to a master's I'd say probably a PhD is not master's degree is good. Um, PhD is like a lot, a lot for a, for a little, um, unless you're trying to run a company or.
I mean, I'm not saying you shouldn't get a doctorate, but, um, it's not necessary to make six figures. I should. I'll put it too that way. Okay. Let me see. Um, so what I was I showing you? Okay. Yeah. I was showing you this 81 40 and, and showing you why it's important to get the cert the, uh, a certification or, or a degree this, uh, 81 40 not only goes into different certifications that you should get, but it goes into the timeframe of how long you experience you should have.
And it goes into degrees and this is not, this is not it. Okay. Let me see if I could find the actual 81, 81 40 policy.
Um, there's so many people advertising for it these days that, uh, it's hard to find the actual 81 40 here's. Um, here's the 81 40 right here.  um, I don't know if this is the full blown poly. Let me see degree. Let me see if I could find the actual, Nope, that's not it. Nope. Certification certificate. It goes into certification.
It doesn't this part. I don't think mentions the certifications by name, but they have another portion of this that does goes into how many years of experience you should have it. It details essentially. This is, this is not the, this is not the document. This is the directive, but there's another one that goes into greater detail about it.
And I'll keep looking for it. As we talk here. So there's a directive and a policy that goes into how many years of experience they want an organization to have for their workers or cyber security workforce. How many, if you have a degree, how many years, what kind of degree you should have at certain levels and all that kind of stuff is what it breaks down.
And that's what I was looking for because that right there is the reason why so many organizations are looking for looking for degrees and stuff. Yeah. And somebody said, um, the higher you education, you get, uh, go, go get the, that higher education if you can. Yeah, absolutely. I agree with that. Yeah. So I'm not, I'm not trying to bash, um, master's degrees or, or, or, uh, or doctorates or anything like that.
Yeah. You should definitely get the higher one. You get at the most prestigious co college, whatever, you don't have to get it at a prestigious college. You don't, it doesn't have to be a master's or a doctorate. I'm just saying. Uh, if you want six figures bachelor's degree, uh, you gotta have to get a bachelor's degree.
I mean, nine times outta 10, most of the time, I mean, I have met people who are making six figures with, with none of that is very rare and they were, they were geniuses , uh, but it, it does happen. So, um, let me see. I'm trying to find, okay, well, this is the best I can find right here. So let me just show you this.
I wanna leave you empty handed here. So this is a breakdown of the 81 40, uh, workforce D OD approved, 81 40, uh, eight formerly named eight, uh, 8, 5 70 baseline certifications. And so what they're saying is at this level at a I T level one, which it means information assurance, technician, level one, they're wanting you to get one of these certifications.
and then, uh, level two level one is like, uh, a help desk person. Like they're, they're usually working on this one system right here and they're fixing they're troubleshooting. This system level two is I believe that's like it's level everything in level one, but also includes networking. Like you gotta know a little bit more about how it attaches to the rest of the network.
And then level three is when you're getting into like weapon systems, the specialized systems, and like maybe multiple, uh, sites that have networking, stuff like that. So that's, that's kind of how it was explained to me. And, uh, and since I've been in the field, that's kind of how they put you into these different boxes and then information assurance management that is dealing with the people who actually manage the help desk or manage the, the land or the environments.
Uh, the enterprise level stuff, and then they have other ones like architect, which I've never, I've never been a, uh, I've worked with them. I, I've not done the, that position, uh, cyber security, uh, service providers. I've done some of these. I was an analyst at one point, uh, incident responder done that done auditing and some of this stuff and yeah, they they're looking for these particular certifications and these do, uh, change from time to time.
So I hope to answer S kind of a long winded explanation of a, of something that was a little bit more simple.  um, okay. I'll answer. Let me read one more question. I get the heck outta here. Um, would you recommend moving from a GS federal? If so, to a contractor position, the benefits and stability are. Are really good with feds, but the pay is low.
Um, Thomas Johns, I actually did a whole video. Please search out my video on this YouTube channel for this one. Cuz I've been asked this a couple times and I did a pretty thorough explanation of what I think somebody specifically asked me they were a GS person and they were trying to move into contract work and they asked me what, whether they should do it.
And what I did was I broke down the pros and cons of each, but I can very quickly do this. What do I think about this? Let me just pros and cons. Okay. GS position for is so they're not paid super high, but you gotta take into account that they have the best benefits probably of anyone in the, in the United States.
As far as the United States is concerned, right? Probably can't compare to, uh, uh, Sweden or something like that. But in the, in the United States, the, the GS positions probably have the best, the best, um, Benefits. They have the most time off, they have really good medical benefits, which is super important in the us.
They have good dental benefits. They have it's solid. Right. It's so, so, and then it takes an act of Congress to get you fired. Like they do not fire people in GS positions. Um, that said, um, it can be stagnant and you're kind of in one place for a really long time. They don't make a lot of cash, but it makes up the benefits make that up.
Um, it can be a little bit boring. And that's another thing that I didn't like in particular, you're at the whims of the government and how slow the government moves on a lot of things. If you move for contracting work, the pros of contracting is, uh, you get to touch a lot more technology. It's, it's more fun, especially if you're in it.
If you're into cyber security, you get to learn more things. There's more stuff going on. Everything's moving really fast and everything. So it's, it's more fun to constantly keep up with the, with the trends and everything. The, the con it pays more, it pays significantly higher, like 30 to 40% higher  in, in, uh, in, in contracting work.
The cons the bad things is that their benefits are normally not that good. Like you get, you know, 14, if you're lucky, 10 days off a year, um, unless you find a really good company that's comparable to, you know, it's giving you way more time off and stuff. It's more OUS than other things that's really bad.
If you have a family.  I would recommend GS. Uh, it's more, it's boring, but you're not gonna get fired contracting work. I've been doing it for years. Um, is super volatile, man. It's it's crazy volatile. Yeah. You get paid more, but at any moment they can just let you go for any reason. It's just ridiculous. And especially now companies are not loyal to workers.
They really don't care. And they're just, they're being given a, like a cart blanche, do whatever they want to employees. I know I'm not trying to complain or anything. I mean, I've been living off the, the Tet of contract work for many, many years. I now am an employee at a gigantic company, even then though they can let me go at any time.
You know, they let some guys go cuz some time card stuff to happen about a month ago. So  so, um, yeah, I, I would say if you have a family, you know, if you're older, , you know, if you're, I would stick, stick with GS, I would not move in this volatile, crazy space now for you younger dude, you know, if your twenties, you don't leave, you have maybe very young family, you guys are living off of very, you know, not as much money you don't have.
You don't have a like gigantic house payment or anything like that. You have less bills, less debt, or maybe you're single. Yeah. Go for it, man. Go for the GS PO I mean the contracting positions go for it. Try to start your own damn business. Like yeah, go to take the risks. Um, if you got little less to lose, I would say that that would be my, so the thing is Thomas.
I was actually offered something. I was a, I was a contractor about man. What year was that? 2000 and, and eight in 2007. That timeframe I was a contractor and I'd been a contractor for. Like five up five years up to that point. And the GS, the government took me aside and they were about to let, they were about to let all our positions go.
And they were letting us know like two years in, in advance. And they said, look, all the positions that we have, it was like risk management framework type work, developing system security plans, um, that kind of stuff. And, uh, compliance, things like that. They said, look, sat me down, said, we're about to let this whole thing go.
We're gonna transfer over all your positions to GS positions. Are you interested in taking a position with us? And I said, Hmm, maybe. I mean, I would be able to retain my total active duty service so that wouldn't be bad. I like working here. I like working with the people. It's pretty stable, but then. I said, well, how much it, how much does it pay though?
Like, I, I'm not familiar with the GS, uh, positions, like how, what, what GS level would I be at? And he said like a GS nine or GS 10. And at the time it was, um, it was gonna pay me about $15,000, less than I was making. I was making about at the time, about 75. And it was the most money I'd ever seen in my life.
In my li I was, it was the most money I'd ever seen in my life. And I was, I was happy with it. I was making about 75, 80, something like that. And they, they offered me about 60 something and I was like, I gotta make, I gotta take a $15,000 pay cut. I'm like, I don't know, like, meanwhile, I was like, I'll think about it, you know, but meanwhile, I had a business on the side, the business was going good.
And at the time I was like, this business is about to blow up. I'll make more money than all of this. And that's not what happened by the way the business didn't go well, like it went well for a while and it folded. So  anyway. So on the other side of it, you know, I, I wasn't taking super high risk. I was still looking for another job.
I was like, well, let me look for another job and see what happens with that. And this other job offered me like 90. And I was like, what? So I had the choice of taking a job for 90. Now at the time I had a kid, one kid at the time I was married, had a house payment, had all this debt. And so I got a chance to either make 95.
65 or 65,000. Right. And I'm like, mm I'm gonna take the 95.
and, uh, yeah, I mean, if I, if I'd done it though, here's the thing, here's the drawback for me. I would've, I would've been able to retire from, from, uh, I would've been able to retire by now. So give and take, you know, and the retirement would've been oh, 2000 a month or something like that. I don't know something like that.
The 1500 by now I'd be retiring. So, so yeah, that's, that's my story and I'm sticking to it. Um, that's it guys. I gotta go make some food. Um, some rice. Um, thank you guys for watching. I appreciate everybody's questions. I'm sorry. I wasn't able to get to everyone's questions, but I always, I always appreciate all of these, uh, these sessions we have, um,  Aja MJA.
If you have my email, please send me your resume. I'll take a look at it. Anybody else send me your resume? I'll take a look at it if I have time, if, um, but if you sign up for my, um, let me pay some bills real quick. If you sign up for this, anyone else you or anyone else signs up for this? Um, I will, you know, very guaranteed look at your resume, guaranteed.
Um, because I, you know, like if you've paid for it and I'm gonna, I'm gonna walk you through what I did. If you have any questions about this thing, I will help you out. And, uh, that's it guys. Thank you guys for watching.

0:00 Convocourses page
0:59 Start of Convocourses podcast
2:47 Every ISSO Needs to Know this
37:06 Entry Level Cybersecurity What You Should Know
47:00 Types of IT Jobs for Remote Work
51:35 Military ISSO to Civilian ISSO
01:04:05 Videos about SCA work
01:08:40 PCI DSS work my opinion
01:15:34 States to find ISSO RMF jobs 

RMF ISSO Assignment https://securitycompliance.thinkific.com/courses/rmf-isso-assignments-101 https://securitycompliance.thinkific.com/courses/cybersecurity check out our courses at: http://convocourses.com
0:00 Convocourses screen
4:29 Convocoures Big Thank you
6:11 Free Training on NIST 800-37 on Convocourses
8:11 New to the ISSO no technical background Where do I get training
19:11 CISSO vs ISSO RMF convoCourses
31:49 Have I Ever Resubmitted a Resume I have […]